HawkinsOperationsDetection Engineering SOC

Pipeline

Operational flow from source change to public rendering.

This parent page owns the gate sequence only. Full validation, proof-pack, and platform-contract details now live on their owner routes.

CONTROLLED_TEST_VALIDATEDHUMAN_REVIEW_REQUIREDGREEN_CI_NOT_AUTHORITY

Public inspection layer

source truthseparate
runtime truthseparate
signal truthseparate
evidence truthseparate
public proofseparate

Operational flow

Source to rendered route

A change moves through source, review, controlled fixtures, validators, scanners, proof record, human review, and public rendering.

01REPO_CHANGERepo change02PULL_REQUESTPull request03GH_ACTIONSGitHub Actions04CONTROLLED_FIXTURESControlled fixtures05VALIDATORSDeterministic validators06SCANNERBlocked-claim scanner07PROOF_RECORDProof record08WEBSITE_RENDERWebsite renderingHOW THE PROOF PIPELINE WORKSSOURCE → BOUNDARY · CONTROLLED_TEST_VALIDATED
01Repo change
What happens
A change is made in a source repository — detection rule, validator, proof wording, or website route.
What this supports
A change exists at a known path with a stated owner.
What this does NOT prove
Runtime activity, signal observation, or any public claim. Source presence is not proof.
Next gate
Pull request opens a reviewer-visible boundary around the change.
Related surface
Source surface · detections / platform / validation / proof / website
02Pull request
What happens
Change is opened as a pull request so reviewers can see what is proposed before it merges.
What this supports
The change is reviewer-visible and the diff is bounded.
What this does NOT prove
Merge approval, runtime behaviour, or claim promotion.
Next gate
GitHub Actions runs the required checks defined by the repo's contract.
Related surface
Governance surface · .github / repo PR settings
03GitHub Actions
What happens
Configured GitHub Actions workflows run on the PR — site contract checks, blocked-claim scans, and deterministic validators.
What this supports
Required checks executed against the change inside the controlled-test boundary.
What this does NOT prove
Production deployment, model execution in CI, GPU CI proven status, runtime-active behaviour, or signal-observed activity.
Next gate
Controlled fixtures and deterministic validators decide pass/fail.
Related surface
Required checks surface · .github/workflows
04Controlled fixtures
What happens
Positive and negative test cases (fixtures) define the contract the change must satisfy.
What this supports
A bounded contract exists for what the change must accept and reject.
What this does NOT prove
Runtime fire on real telemetry, signal-observed status, or fleet-wide behaviour.
Next gate
Validators run the fixtures and emit a deterministic pass/fail receipt.
Related surface
Validation surface · hawkinsoperations-validation
05Deterministic validators
What happens
Validators execute against the fixtures and produce a deterministic pass/fail outcome.
What this supports
A reviewable pass/fail receipt for the controlled-test contract.
What this does NOT prove
Public-safe runtime proof, runtime-active behaviour, signal-observed activity, AI-approved disposition, or analyst-approved disposition.
Next gate
Blocked-claim scanner inspects the diff for wording that cannot ship publicly.
Related surface
Validation surface · controlled-test boundary
06Blocked-claim scanner
What happens
Site contract scanner inspects the change for blocked wording (runtime-active, signal-observed, public-safe runtime proof, autonomous SOC, and others) outside of explicit blocked/negative context.
What this supports
Blocked terms cannot silently appear as public assertions; they remain visible only as blocked claims.
What this does NOT prove
That every claim is true — only that no blocked-term wording shipped through the rendering surface.
Next gate
Proof record links source, validation, and the bounded public claim.
Related surface
Claim firewall surface · verify-site-contract.mjs
07Proof record
What happens
An evidence record in the proof repo preserves what the change supports, what it does not prove, and the public ceiling that applies.
What this supports
A reviewer-visible record of the bounded claim and the evidence path that supports it.
What this does NOT prove
Public-safe state on its own — promotion to public requires separate evidence and Raylee approval.
Next gate
Website renders the proof route under the public claim ceiling.
Related surface
Evidence surface · hawkinsoperations-proof
08Website rendering
What happens
The website renders the proof route at the public ceiling so reviewers can inspect the chain end to end.
What this supports
A bounded public rendering that routes reviewers back to source, validation, and the proof record.
What this does NOT prove
Anything beyond rendering. Website rendering is not proof. Human review authorizes whether wording can move past the current public ceiling.
Next gate
Human review authorizes any promotion above CONTROLLED_TEST_VALIDATED.
Related surface
Public rendering surface · hawkinsoperations-website

Checks

Gates and responsibilities

Checks can fail a change, but green checks are not human governance or proof authority.

  • GitHub Actions · gate

    Required checks

    GitHub Actions runs deterministic validation and site/proof contract checks before public wording ships.

    In plain EnglishPull requests can move faster, but public claims cannot outrun the gates.

    Inspect the proof loop →

  • GitHub Actions · gate

    Claim firewall

    Blocked terms remain visible as blocked claims but cannot silently become public assertions.

    In plain EnglishThe system can discuss what is blocked without accidentally claiming it.

    Open the claim firewall →

  • GitHub Actions · gate

    Human review

    Green checks are not authority. Review authorizes whether a claim can move forward.

    In plain EnglishAutomation does labor. Human review authorizes truth.

    Choose a reviewer route →

Owner routes

Receipt dependencies

Deep registries and contract details moved out of the pipeline parent page.

Open route

Validation registry

Controlled-test packages, fixture counts, and validation boundaries.

Inspect pathOpen route

Proof ledger

Public ceiling, proof records, supported claims, and blocked claims.

Inspect pathOpen route

Proof Pack 001

Release route, manifest, checksum, and included/excluded boundaries.

Inspect pathOpen route

Platform contracts

Support-only guardrails, schemas, samples, verifiers, and blocked authority.

Inspect path

Reviewer snapshot · hand-maintained · rendering only. This timeline is not live runtime telemetry.

001
bounded packet

Proof Pack 001 reviewer packet

Bounded HO-DET-001 reviewer packet at CONTROLLED_TEST_VALIDATED.

002
receipt

Checksum manifest

SHA256SUMS.txt locks source packet files for review.

003
snapshot

Validation registry

Controlled-test packages, fixture counts, and blocked runtime states.

004
snapshot

Proof status index

Per-detection proof status; human review required.

005
bounded packet

AutoSOC seed ledger

Append-only seed ledger — 1 case, human-review required.

006
bounded packet

SOAR case packet

Deterministic analyst-support structure; response authority blocked.

007
bounded packet

Local GPU / LLM support boundary

Private support-only contract boundary; public runtime proof blocked.