From 5938baa50f37dbb882cffb746c6ef83b9db7009c Mon Sep 17 00:00:00 2001 From: Raylee Hawkins Date: Sun, 31 May 2026 23:25:09 -0500 Subject: [PATCH 1/2] Add command-center invariant verifier --- .github/pull_request_template.md | 5 + .../workflows/command-center-invariants.yml | 38 +++ README.md | 15 +- architecture/REPRODUCIBLE_REVIEWER_PATH.md | 25 +- governance/COMMAND_CENTER_INVARIANTS.json | 32 ++ governance/CONTROL_STATUS_MATRIX.md | 3 +- governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md | 4 +- governance/ORG_REQUIRED_CHECKS_MATRIX.yml | 17 +- profile/README.md | 19 +- profile/START_HERE.md | 22 +- scripts/verify-command-center-invariants.py | 287 ++++++++++++++++++ 11 files changed, 429 insertions(+), 38 deletions(-) create mode 100644 .github/workflows/command-center-invariants.yml create mode 100644 governance/COMMAND_CENTER_INVARIANTS.json create mode 100644 scripts/verify-command-center-invariants.py diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index e81b72b..568c642 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -66,6 +66,10 @@ List checks run, checks not run, and any required status checks. Green CI/status checks are not merge authority. +For command-center, reviewer-route, governance, or proof-boundary changes, run: + +`python scripts/verify-command-center-invariants.py` + ## Security / Privacy State whether private-term, public-safety, secret, hostname, LAN IP, raw-log, screenshot, CSV export, or local evidence-path risk was reviewed. 
@@ -96,6 +100,7 @@ This PR must not promote runtime-active, signal-observed, evidence-linked public - [ ] No unrelated dirty state included - [ ] Claim boundary included - [ ] Testing/validation listed +- [ ] Command-center invariant check run or explicitly not applicable - [ ] Private-term/public-safety review completed or explicitly not run - [ ] No runtime/signal/public-safe overclaim added - [ ] Required session log appended if this was meaningful work diff --git a/.github/workflows/command-center-invariants.yml b/.github/workflows/command-center-invariants.yml new file mode 100644 index 0000000..9e2db4b --- /dev/null +++ b/.github/workflows/command-center-invariants.yml @@ -0,0 +1,38 @@ +name: command-center-invariants + +on: + pull_request: + paths: + - "README.md" + - "profile/**" + - "architecture/**" + - "governance/**" + - "wiki/**" + - ".github/pull_request_template.md" + - ".github/workflows/command-center-invariants.yml" + - "scripts/verify-command-center-invariants.py" + push: + branches: + - main + paths: + - "README.md" + - "profile/**" + - "architecture/**" + - "governance/**" + - "wiki/**" + - ".github/pull_request_template.md" + - ".github/workflows/command-center-invariants.yml" + - "scripts/verify-command-center-invariants.py" + +permissions: + contents: read + +jobs: + command-center-invariants: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Verify command-center invariants + run: python scripts/verify-command-center-invariants.py diff --git a/README.md b/README.md index b1af6fd..e490c4a 100644 --- a/README.md +++ b/README.md 
@@ -4,18 +4,27 @@ This repository is the HawkinsOperations GitHub organization command center. It The public organization overview is controlled by [profile/README.md](profile/README.md). This repo is a front door, not a proof source: GitHub rendering is not proof. +## Fast Reviewer Path + +| Time | Start | What to confirm | +|---:|---|---| +| 30 sec | [profile/START_HERE.md](profile/START_HERE.md) | What HawkinsOperations is, which repo owns truth, and what remains blocked. | +| 3 min | [profile/README.md](profile/README.md) -> [Control Status Matrix](governance/CONTROL_STATUS_MATRIX.md) | Command-center route, proof ceiling, ledger count boundary, and standing controls. | +| 10 min | [Reproducible Reviewer Path](architecture/REPRODUCIBLE_REVIEWER_PATH.md) | Clone-runnable source/validation/proof inspection without private runtime access. | + ## Command Center Routes | Need | Route | Boundary | |---|---|---| -| Org front door | [profile/README.md](profile/README.md) | Reviewer routing only; does not create proof. | | First reviewer path | [profile/START_HERE.md](profile/START_HERE.md) | Click path for review/demo; does not promote claims. | +| Org front door | [profile/README.md](profile/README.md) | Reviewer routing only; does not create proof. | | Six-repo architecture | [architecture/REPO_AUTHORITY_MAP.md](architecture/REPO_AUTHORITY_MAP.md) | Repo ownership map; source does not prove runtime. | | Proof chain | [architecture/REPRODUCIBLE_REVIEWER_PATH.md](architecture/REPRODUCIBLE_REVIEWER_PATH.md) | Clone-runnable inspection path; no private runtime access. | | Truth/control status | [governance/CONTROL_STATUS_MATRIX.md](governance/CONTROL_STATUS_MATRIX.md) | Current wording and blockers; soft unless enforced. 
| -| Standing control registers | [governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md](governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md) | Maintained blocked-claims register for #10, enforcement/control-class ledger for #8, and receipt-backed issue closeout; governance classification only. | +| Standing control registers | [governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md](governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md) | #8 and #10 remain open standing controls unless Raylee approves a replacement standing-control role; governance classification only. | +| Command-center invariants | [governance/COMMAND_CENTER_INVARIANTS.json](governance/COMMAND_CENTER_INVARIANTS.json) and [scripts/verify-command-center-invariants.py](scripts/verify-command-center-invariants.py) | Verifier control for route and claim-boundary invariants; does not promote proof. | | Visual system map | [wiki/11_ORG_SYSTEM_MAP.md](wiki/11_ORG_SYSTEM_MAP.md) | Docs-as-code map; routing is not proof. | -| Project cockpit | [private org Control Board route](https://github.com/orgs/HawkinsOperations/projects/2) | Operating control only; project metadata is not proof. Project #1 is not an active reviewer route. | +| Project cockpit | [private org Control Board route](https://github.com/orgs/HawkinsOperations/projects/2) | Coordination-only operating cockpit; project metadata is report-only, not proof, approval, runtime, signal, public-safe status, or merge authority. Project #1 is not an active reviewer route. | | Proof records | [hawkinsoperations-proof](https://github.com/HawkinsOperations/hawkinsoperations-proof) | Proof records own claim ceilings. | ## Current Boundary diff --git a/architecture/REPRODUCIBLE_REVIEWER_PATH.md b/architecture/REPRODUCIBLE_REVIEWER_PATH.md index 6d88064..e113d2b 100644 --- a/architecture/REPRODUCIBLE_REVIEWER_PATH.md +++ b/architecture/REPRODUCIBLE_REVIEWER_PATH.md 
@@ -149,7 +149,7 @@ npm run build Expected Phase 1 gap: - ID-DET-002, ID-DET-003, and ID-DET-004 public website routes are pending. -- HO-DET-012 appears in current website telemetry data, but proof and website parity remain required before any public proof or public-safe wording can be claimed. +- HO-DET-012 appears in current website source data, but proof and website parity remain required before any public proof or public-safe wording can be claimed. ## Private-Only Commands Excluded @@ -166,30 +166,23 @@ The public clone path excludes: Private evidence can inform future review only after privacy review, stale review, evidence linkage review, wording review, and Raylee approval. -## Future Intended Top-Level Verifier +## Command-Center Invariant Verifier -Future Phase 2 or later work may add a top-level verifier under separate approval: +The `.github` command-center route has a local invariant verifier for reviewer-route and claim-boundary checks: ```powershell -python -B .github\scripts\verify_hawkinsoperations_promotion_chain.py --repo-root +cd .github +python scripts\verify-command-center-invariants.py ``` -Expected future output fields: +Expected output fields: ```text -ORG_PROMOTION_CHAIN -SOURCE_CONTRACT -VALIDATION_CONTRACT -PLATFORM_VISIBILITY_CONTRACT -PROOF_STATUS_INDEX -PUBLIC_CLAIM_PARITY -PUBLIC_SAFE_STATUS=NOT_PUBLIC_SAFE -RUNTIME_ACTIVE_PUBLIC_PROOF=BLOCKED -SIGNAL_OBSERVED_PUBLIC_PROOF=BLOCKED -HUMAN_REVIEW_REQUIRED=true +COMMAND_CENTER_INVARIANTS=PASS +checked_files= ``` -That verifier does not exist in Phase 1 and must not be claimed as a current control. +This verifier proves only that checked command-center route files and invariant wording passed. It does not prove runtime truth, signal truth, public-safe status, Project-board approval, merge authority, or public proof. ## Current Gap Summary diff --git a/governance/COMMAND_CENTER_INVARIANTS.json b/governance/COMMAND_CENTER_INVARIANTS.json new file mode 100644 index 0000000..b098901 
--- /dev/null +++ b/governance/COMMAND_CENTER_INVARIANTS.json 
@@ -0,0 +1,32 @@ +{ + "schema": "hawkinsoperations-command-center-invariants-v1", + "scope": "HawkinsOperations/.github reviewer routing and governance shell", + "required_route_files": [ + "README.md", + "profile/README.md", + "profile/START_HERE.md", + "architecture/REPO_AUTHORITY_MAP.md", + "architecture/REPRODUCIBLE_REVIEWER_PATH.md", + "governance/CONTROL_STATUS_MATRIX.md", + "governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md", + "governance/GOVERNANCE_SUMMARY.md", + "governance/PR_REVIEW_AUTHORITY.md", + "governance/CROSS_REPO_PROMOTION_MAP.md", + "wiki/11_ORG_SYSTEM_MAP.md", + ".github/pull_request_template.md" + ], + "invariants": { + "github_repo_role": ".github is reviewer routing and governance shell only", + "project_2_role": "Project #2 is the canonical private HawkinsOperations Control Board operating cockpit", + "project_1_boundary": "Project #1 is not an active reviewer route", + "project_metadata_boundary": "Project metadata is coordination only, not proof, approval, merge authority, runtime truth, signal truth, or public-safe status", + "rendering_boundary": "Website and GitHub rendering are not proof", + "proof_authority_repo": "hawkinsoperations-proof owns proof records and claim ceilings", + "command_center_proof_ceiling": "SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY", + "ledger_public_safe_status": "NOT_PUBLIC_SAFE", + "ho_det_001_public_ceiling": "CONTROLLED_TEST_VALIDATED", + "runtime_signal_public_promotions": "runtime-active, signal-observed, evidence-linked public proof, public-safe, production-ready, fleet-wide, AWS-live, Cribl-routed, Wazuh-routed, autonomous SOC, AI-approved, AI-decided, analyst-approved, and live Splunk claims remain blocked unless separately proven and approved", + "standing_controls": ".github#8 and .github#10 remain standing controls", + "standing_control_replacement": "Closing or replacing .github#8 or .github#10 requires explicit Raylee approval that names the replacement standing-control role" + } +} 
diff --git a/governance/CONTROL_STATUS_MATRIX.md b/governance/CONTROL_STATUS_MATRIX.md index 405439e..b573a02 100644 --- a/governance/CONTROL_STATUS_MATRIX.md +++ b/governance/CONTROL_STATUS_MATRIX.md 
@@ -12,7 +12,8 @@ A control is REAL_CONTROL only when it blocks, fails, or forces correction throu | Organization profile | `.github` | soft routing only | SOURCE_EXISTS | No, soft routing only | `profile/README.md` | "The profile routes reviewers to truth boundaries." | "The profile proves runtime, validation, or public proof." | Keep links current and reviewed. | | Governance summary | `.github` | soft enforcement | SOURCE_EXISTS | No, unless backed by blocking checks | `governance/GOVERNANCE_SUMMARY.md` | "Governance summary describes expected gates." | "Governance text alone is a real control." | Add checks or required review that fail violations. | | PR review authority | `.github` | reviewer routing | SOURCE_EXISTS | No, unless backed by rulesets, required review, or blocking CI | `governance/PR_REVIEW_AUTHORITY.md` | "The PR review authority doc routes merge governance and visible human review expectations." | "PR review routing proves runtime, signal, evidence, public-safe status, or production readiness." | Back with rulesets, required review, or blocking CI if Raylee wants it to become real control. | -| Standing control registers | `.github` | reviewer routing / issue closeout receipt / standing control ledger | SOURCE_EXISTS | No, report-only unless backed by future blocking checks or required review | `governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md` | "The standing-control register maps blocked claims, enforcement classes, Project #2, repo hygiene, and issue closeout receipts." | "Standing-control registers prove runtime, signal, evidence, public-safe status, production readiness, or Project-board approval." | Keep #10 and #8 open as standing controls; update rows when blocked-claim or enforcement facts change. 
| +| Standing control registers | `.github` | reviewer routing / issue closeout receipt / standing control ledger | SOURCE_EXISTS | No, report-only unless backed by future blocking checks or required review | `governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md` | "The standing-control register maps blocked claims, enforcement classes, Project #2, repo hygiene, and issue closeout receipts." | "Standing-control registers prove runtime, signal, evidence, public-safe status, production readiness, or Project-board approval." | Keep #10 and #8 open as standing controls unless Raylee approves a replacement standing-control role; update rows when blocked-claim or enforcement facts change. | +| Command-center invariant verifier | `.github` | verifier control / workflow control | COMMAND_CENTER_INVARIANTS_VERIFIED | Yes, for checked route-file and claim-boundary invariant scope only; real merge-blocking control only if required by branch protection or ruleset | `governance/COMMAND_CENTER_INVARIANTS.json`; `scripts/verify-command-center-invariants.py`; `.github/workflows/command-center-invariants.yml` | "The command-center invariant verifier checks required route files, Project #1/#2 boundaries, proof ceilings, standing-control boundaries, private exposure patterns, and blocked-claim context." | "The verifier proves runtime truth, signal truth, public-safe status, public proof, Project-board approval, merge authority, or production readiness." | Keep verifier scope bounded; make it required only with separate GitHub settings/ruleset approval. | | Repo authority map | `.github` | soft enforcement | SOURCE_EXISTS | No, unless backed by blocking checks | `architecture/REPO_AUTHORITY_MAP.md` | "The map defines repository ownership boundaries." | "The map proves a repo complied." | Add enforceable checks for boundary violations. 
| | Project operating cockpit | Private org control board / `.github` routing | coordination only | PROJECT_METADATA_ROUTE | No, board state is not proof or approval | [private org Control Board route](https://github.com/orgs/HawkinsOperations/projects/2); `.github/profile/README.md`; `.github/profile/START_HERE.md` | "The canonical private HawkinsOperations Control Board routes current work visibility and operating context; Project #1 is not an active reviewer route." | "Project board state proves source, validation, runtime, signal, evidence, public proof, public-safe status, merge approval, or final disposition." | Use project metadata only for coordination; proof and approval remain in repo records and Raylee review. | | Website | `hawkinsoperations-website` | rendering only | SOURCE_EXISTS | No | [hawkinsoperations.com](https://hawkinsoperations.com) | "The website renders reviewed public wording." | "Website presentation proves source, runtime, signal, or evidence truth." | Link claims to reviewed proof records. | diff --git a/governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md b/governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md index d538f65..eaeec4d 100644 --- a/governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md +++ b/governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md 
@@ -101,7 +101,7 @@ Boundary: docs, issues, comments, project fields, and reviewer-routing pages are | EC-006 | README / START_HERE / wiki docs | HawkinsOperations/.github | `README.md`, `profile/START_HERE.md`, `wiki/11_ORG_SYSTEM_MAP.md` | REPORT_ONLY | Reviewer routing docs describe boundaries but do not fail violations. | Current routes and stated claim boundaries. | Runtime, signal, evidence, public-proof, or public-safe truth. | Source-controlled documentation. | Docs can become stale until reviewed. | Add deterministic wording scans if needed. | Existing files read in this pass. | | EC-007 | Main branch protection | HawkinsOperations/.github | `main` branch protection | SOFT_ENFORCEMENT | PR flow and conversation resolution are enabled; status checks are not required for this repo. | Direct pushes are constrained by PR-flow settings and admin enforcement. | Claim correctness, proof promotion, or validation success. | GitHub branch protection. | No required status checks and zero required approvals reduce fail-closed coverage. | Add required checks/reviews only with explicit GitHub-settings approval. | Branch protection API observed 2026-05-31. | | EC-008 | Repository rulesets | HawkinsOperations/.github | GitHub repository settings | SOFT_ENFORCEMENT | Active branch ruleset `org-main-baseline-protection` targets the default branch and requires pull request flow, review-thread resolution, deletion protection, and non-fast-forward protection; it does not require approving reviews or status checks. | PR-flow, conversation-resolution, deletion, and non-fast-forward constraints for the default branch. | Claim correctness, proof promotion, runtime truth, signal truth, public-safe status, production readiness, or validation success. | Active GitHub branch ruleset. | Zero required approvals and no required status checks reduce fail-closed claim-boundary coverage. | Add required checks/reviews only with explicit GitHub-settings approval. 
| Ruleset API observed 2026-06-01. | -| EC-009 | CI workflows in `.github` repo | HawkinsOperations/.github | `.github/` directory | NOT_YET_CONTROL | No repo-local workflow file was observed; only a pull request template was present. | No workflow control exists in this repo from current files. | Any .github repo CI enforcement claim. | None observed. | No local CI gate protects these docs unless external/org settings add one. | Add a scoped verifier workflow only under separate approval. | `Get-ChildItem .github` observed pull request template only. | +| EC-009 | Command-center invariant workflow in `.github` repo | HawkinsOperations/.github | `.github/workflows/command-center-invariants.yml`; `scripts/verify-command-center-invariants.py`; `governance/COMMAND_CENTER_INVARIANTS.json` | WORKFLOW_CONTROL; real control only if required by branch protection or ruleset | Repo-local workflow and verifier now exist for command-center route files and claim-boundary invariants. | The checked route files, Project #1/#2 boundary wording, proof ceilings, standing-control boundary, private exposure patterns, and blocked-claim context passed the verifier when run locally. | Runtime truth, signal truth, public proof, public-safe status, Project-board approval, merge authority, production readiness, or GitHub settings enforcement. | `python scripts/verify-command-center-invariants.py`; GitHub Actions when triggered. | A workflow that is not required by branch protection or ruleset is workflow control but not necessarily merge-blocking real control. | Make the check required only with explicit GitHub-settings/ruleset approval. | Added in command-center audit upgrade branch; local verifier returned `COMMAND_CENTER_INVARIANTS=PASS`. 
| | EC-010 | Referenced validation checks | HawkinsOperations/hawkinsoperations-validation | `governance/ORG_REQUIRED_CHECKS_MATRIX.yml` | REAL_CONTROL only in required checked scope | Matrix records validation workflows and verifier commands; real only where required and failing closed. | Checked validation registry/package scope when required checks run and pass. | Runtime, signal, public-safe, production, fleet, Cribl, Wazuh, AWS-live, autonomous SOC, AI approval, or analyst approval. | GitHub Actions/verifiers in owning repo. | Path filters, non-required checks, or report-only mode can limit control strength. | Keep matrix current with observed required checks. | [ORG_REQUIRED_CHECKS_MATRIX.yml](ORG_REQUIRED_CHECKS_MATRIX.yml) | | EC-011 | Referenced proof checks | HawkinsOperations/hawkinsoperations-proof | `governance/ORG_REQUIRED_CHECKS_MATRIX.yml` | REAL_CONTROL only in required checked scope | Matrix records proof integrity/release checks; real only where required and failing closed. | Checked proof-record integrity and release-contract scope. | Runtime, signal, public-safe, production, fleet, live Splunk, Cribl, Wazuh, AWS-live, autonomous SOC, AI approval, or analyst approval. | GitHub Actions/verifiers in owning repo. | Proof checks prove only checked proof-contract fields. | Keep proof check receipts current. | [ORG_REQUIRED_CHECKS_MATRIX.yml](ORG_REQUIRED_CHECKS_MATRIX.yml) | | EC-012 | Referenced platform checks | HawkinsOperations/hawkinsoperations-platform | `governance/ORG_REQUIRED_CHECKS_MATRIX.yml` | SOFT_ENFORCEMENT to REAL_CONTROL by check | Matrix records governance gate and dispatch-only local GPU triage; dispatch-only checks are not PR protection. | Platform contract/check scope where required and failing closed. | Production runtime, signal, public-safe, fleet, or AI/human disposition authority. | GitHub Actions/verifiers in owning repo. | Dispatch-only checks can be skipped in normal PR flow. 
| Promote only approved checks into required gates. | [ORG_REQUIRED_CHECKS_MATRIX.yml](ORG_REQUIRED_CHECKS_MATRIX.yml) | @@ -193,3 +193,5 @@ Receipt update: - Recommendation: - Boundary: this is governance/control-board classification only. It does not promote runtime-active, signal-observed, evidence-linked public proof, public-safe, production-ready, fleet-wide, live Splunk, Cribl-routed, Wazuh-routed, AWS-live, autonomous SOC, AI-approved, AI-decided, or analyst-approved claims. ``` + +For `.github#8` and `.github#10`, use `KEEP_OPEN_STANDING_CONTROL` unless Raylee explicitly approves a replacement standing-control artifact. diff --git a/governance/ORG_REQUIRED_CHECKS_MATRIX.yml b/governance/ORG_REQUIRED_CHECKS_MATRIX.yml index 3dfefdc..fd273ef 100644 --- a/governance/ORG_REQUIRED_CHECKS_MATRIX.yml +++ b/governance/ORG_REQUIRED_CHECKS_MATRIX.yml 
@@ -27,12 +27,17 @@ repos: truth_surface: "Organization control-plane routing and reviewer entry point." required_checks_observed: [] important_non_required_checks: - - "No repo-local workflow directory observed in Phase 1 inspection." - workflow_file: null - job_check_context: null - trigger_path_filter_risk: "No repo-local workflow trigger observed; contract text is soft routing until a future check or review requirement exists." - report_only_versus_fail_closed_status: "soft-routing-only" - next_hardening_gate: "Create an approved org promotion-chain verifier and make it required only after separate approval." + - "command-center-invariants workflow exists as a repo-local verifier route, but it is not proven required by branch protection or ruleset in this file." + workflow_file: + - ".github/workflows/command-center-invariants.yml" + job_check_context: + - workflow_name: "command-center-invariants" + job_id: "command-center-invariants" + job_display_name: null + verifier_command: "python scripts/verify-command-center-invariants.py" + trigger_path_filter_risk: "Path-filtered to command-center route, governance, architecture, wiki, PR-template, workflow, manifest, and verifier changes. It does not run for unrelated assets." + report_only_versus_fail_closed_status: "workflow-control only unless the check is required by branch protection or ruleset and fails closed on violation." + next_hardening_gate: "Make command-center-invariants required only after separate GitHub settings/ruleset approval." - repo_name: "hawkinsoperations-detections" truth_surface: "Detection source truth." required_checks_observed: diff --git a/profile/README.md b/profile/README.md index 949d0a3..731a2e2 100644 --- a/profile/README.md +++ b/profile/README.md 
@@ -28,7 +28,8 @@ GitHub/org rendering is routing, not proof. Proof records live in [hawkinsoperat | Front-door/status proof ceiling | `SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY` | Applies to command-center and ledger-status routing; HO-DET-001 proof records keep their own proof ceiling. | | Current ledger status | [Lifetime Case Ledger public summary](https://github.com/HawkinsOperations/hawkinsoperations-proof/blob/main/proof/records/lifetime-case-ledger-v1-public-summary.json) | 4 ledger events, 4 total cases, 0 public-safe cases, 0 closed cases; ledger status remains `NOT_PUBLIC_SAFE`. | | Project operating cockpit | [private org Control Board route](https://github.com/orgs/HawkinsOperations/projects/2) | Canonical private HawkinsOperations Control Board; Project #1 is not an active reviewer route; project metadata is not proof, approval, runtime, signal, public-safe status, or merge authority. | -| Reviewer/demo path | [Start Here](START_HERE.md) and [Reproducible Reviewer Path](../architecture/REPRODUCIBLE_REVIEWER_PATH.md) | Demo routing does not raise the claim ceiling. | +| Reviewer/demo path | [Start Here 30-second path](START_HERE.md#30-second-reviewer-path) and [Reproducible Reviewer Path](../architecture/REPRODUCIBLE_REVIEWER_PATH.md) | Demo routing does not raise the claim ceiling. | +| Command-center invariant check | [`python scripts/verify-command-center-invariants.py`](../scripts/verify-command-center-invariants.py) | Verifier control for route and claim-boundary invariants; it does not create runtime, signal, public-safe, or proof authority. | | Reviewer need | Route | |---|---| 
@@ -48,6 +49,16 @@ The private org Control Board is the private Project #2 operating cockpit for cu --- +## Fast reviewer paths + +| Time | Route | Boundary | +|---:|---|---| +| 30 sec | Open [Start Here](START_HERE.md), then [Control Status Matrix](../governance/CONTROL_STATUS_MATRIX.md). | Confirms the command center, current ceiling, and blocked claims. | +| 3 min | Follow [Start Here](START_HERE.md) through Project #2, repo authority, standing controls, and the HO-DET-001 proof record. | Project metadata remains coordination-only. Proof stays in `hawkinsoperations-proof`. | +| 10 min | Run the [Reproducible Reviewer Path](../architecture/REPRODUCIBLE_REVIEWER_PATH.md) and the command-center invariant verifier. | Clone-runnable inspection and invariant checks only; no private runtime access or proof promotion. | + +--- + ## The enterprise AI failure mode AI can accelerate security work. It cannot authorize the truth. @@ -130,7 +141,7 @@ The official, bounded reviewer route for the HO-DET-001 detection: source, valid | Field | Value | |---|---| | Public proof ceiling | `CONTROLLED_TEST_VALIDATED` | -| Reviewer package status | `PUBLIC_SAFE_REVIEWER_RELEASE_CANDIDATE` | +| Reviewer package status | `BOUNDED_REVIEWER_RELEASE_CANDIDATE` | | Raw/private runtime evidence | `NOT_PUBLIC_SAFE` | | Public-safe runtime proof | `BLOCKED` | | Rendering of this page | `RENDERING_NOT_PROOF` | 
@@ -167,7 +178,7 @@ Pick the route that matches your review job. The route changes how you inspect t | Route | Time | What you inspect | Start here | |---|---:|---|---| -| Hiring manager | 3 min | What the system is, what is proven, what stays blocked. | [hawkinsoperations.com](https://hawkinsoperations.com/) | +| Hiring manager | 3 min | What the system is, what is proven, what stays blocked. | [Start Here](START_HERE.md) | | Detection engineer | 10 min | Detection source, validation scope, HO-DET-001 path. | [detections repo](https://github.com/HawkinsOperations/hawkinsoperations-detections) | | SOC automation lead | 10 min | Case packet flow, deterministic checks, CI boundaries, runtime-contract separation. | [validation repo](https://github.com/HawkinsOperations/hawkinsoperations-validation) | | AI governance reviewer | 10 min | Where AI supports labor and where human review authorizes claims. | [proof repo](https://github.com/HawkinsOperations/hawkinsoperations-proof) | @@ -177,7 +188,7 @@ Pick the route that matches your review job. The route changes how you inspect t --- -Org-level reviewer entry point: Cyber Kill Chain coverage lives in `hawkinsoperations-proof` as a public-safe reviewer map. It is not proof authority. +Org-level reviewer entry point: Cyber Kill Chain coverage lives in `hawkinsoperations-proof` as a public route-safe reviewer map. It is not public-safe approval, runtime proof, or proof authority. ## Six truth surfaces diff --git a/profile/START_HERE.md b/profile/START_HERE.md index 8b51454..24e0390 100644 --- a/profile/START_HERE.md +++ b/profile/START_HERE.md 
@@ -34,14 +34,14 @@ Public claims require reviewed wording, evidence linkage, stale review, and appr ## Reviewer Control Panel -### 90-second command-center path +### 3-minute command-center path 1. Open the [organization profile](./README.md) to see the six-repo command center. -2. Open the [private org Control Board route](https://github.com/orgs/HawkinsOperations/projects/2) for the operating cockpit. Treat it as work coordination only, not proof, approval, runtime state, signal state, public-safe status, or merge authority. Project #1 is not an active reviewer route. -3. Open the [Repository Authority Map](../architecture/REPO_AUTHORITY_MAP.md) to confirm which repo owns each truth surface. -4. Open the [Control Status Matrix](../governance/CONTROL_STATUS_MATRIX.md) to confirm the current claim ceiling and blocked claims. -5. Open the [Standing control registers](../governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md) to inspect the maintained blocked-claims register for #10 and enforcement/control-class ledger for #8. -6. Open the [Proof Pack 001 Release](https://github.com/HawkinsOperations/hawkinsoperations-proof/releases/tag/hawkinsoperations-proof-pack-001) and [HO-DET-001 proof record](https://github.com/HawkinsOperations/hawkinsoperations-proof/blob/main/proof/records/HO-DET-001.md) for proof-owned claim boundaries. +2. Open the [Repository Authority Map](../architecture/REPO_AUTHORITY_MAP.md) to confirm which repo owns each truth surface. +3. Open the [Control Status Matrix](../governance/CONTROL_STATUS_MATRIX.md) to confirm the current claim ceiling and blocked claims. +4. Open the [Proof Pack 001 Release](https://github.com/HawkinsOperations/hawkinsoperations-proof/releases/tag/hawkinsoperations-proof-pack-001) and [HO-DET-001 proof record](https://github.com/HawkinsOperations/hawkinsoperations-proof/blob/main/proof/records/HO-DET-001.md) for proof-owned claim boundaries. +5. 
Open the [Standing control registers](../governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md) to inspect the maintained blocked-claims register for #10 and enforcement/control-class ledger for #8. Both remain open standing controls unless Raylee approves a replacement standing-control role. +6. If you are reviewing internal operating context, open the [private org Control Board route](https://github.com/orgs/HawkinsOperations/projects/2). Treat it as work coordination only, not proof, approval, runtime state, signal state, public-safe status, or merge authority. Project #1 is not an active reviewer route. 7. Open the [Reproducible Reviewer Path](../architecture/REPRODUCIBLE_REVIEWER_PATH.md) only if you want clone-runnable inspection steps. Current ledger snapshot: the proof-owned Lifetime Case Ledger public summary records 4 ledger events, 4 total cases, 0 public-safe cases, and 0 closed cases. Ledger status remains `NOT_PUBLIC_SAFE`; front-door/status proof ceiling remains `SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY`. @@ -54,6 +54,13 @@ Current ledger snapshot: the proof-owned Lifetime Case Ledger public summary rec 4. Inspect [hawkinsoperations-proof](https://github.com/HawkinsOperations/hawkinsoperations-proof) for proof records and claim ceilings. 5. Follow source and validation links only inside their stated scope. +### 10-minute reviewer path + +1. Complete the 3-minute command-center path above. +2. Run the [Reproducible Reviewer Path](../architecture/REPRODUCIBLE_REVIEWER_PATH.md) for clone-runnable source, validation, and proof inspection. +3. Run `python scripts/verify-command-center-invariants.py` from the `.github` repo to check command-center route and claim-boundary invariants. +4. Treat verifier success as validation truth only for the checked invariant scope. It does not prove runtime, signal, public-safe, production, Project-board approval, or merge authority. + ### What to click first | Question | Click | 
@@ -116,7 +123,8 @@ flowchart LR - [PR review authority](../governance/PR_REVIEW_AUTHORITY.md) - merge governance routing; not runtime, signal, evidence, public-safe, or production proof unless backed by rulesets or blocking CI - [Repository authority map](../architecture/REPO_AUTHORITY_MAP.md) - [Control status matrix](../governance/CONTROL_STATUS_MATRIX.md) -- [Standing control registers](../governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md) - blocked-claims register for #10 and enforcement/control-class ledger for #8; report-only unless backed by fail-closed controls +- [Standing control registers](../governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md) - blocked-claims register for #10 and enforcement/control-class ledger for #8; remain open standing controls unless Raylee approves a replacement standing-control role; report-only unless backed by fail-closed controls +- [Command-center invariants](../governance/COMMAND_CENTER_INVARIANTS.json) and verifier - route and claim-boundary invariant check; validation truth only for checked scope - [Proof Pack 001 official GitHub Release](https://github.com/HawkinsOperations/hawkinsoperations-proof/releases/tag/hawkinsoperations-proof-pack-001) - bounded reviewer ZIP route for HO-DET-001; ZIP SHA256 `44d8a643aa2b113c9e99be0462e699d39af707a67190823cc05bb381907dc452`; public-safe runtime proof remains BLOCKED - [Proof Pack 001 Discussion](https://github.com/orgs/HawkinsOperations/discussions/32) - official announcement route; rendering is not proof - [Private org Control Board route](https://github.com/orgs/HawkinsOperations/projects/2) - operating cockpit for current work visibility; Project #1 is not an active reviewer route; not proof authority, merge authority, or project metadata approval diff --git a/scripts/verify-command-center-invariants.py b/scripts/verify-command-center-invariants.py new file mode 100644 index 0000000..194b8cb --- /dev/null +++ b/scripts/verify-command-center-invariants.py 
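Review bot: the new bullet links the manifest but leaves "and verifier" as plain text while every other entry in this list is a link; point it at `../scripts/verify-command-center-invariants.py` so a reviewer can read the code that defines the checked scope before trusting a PASS line. The description "route and claim-boundary invariant check" also undersells what PASS covers: the script additionally scans the same files for private IP addresses, Windows drive paths, private-key markers and token-looking prefixes, and a reviewer deciding whether to rely on it should know that exposure scan is included.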
@@ -0,0 +1,287 @@ +#!/usr/bin/env python3 +"""Fail-closed checks for the HawkinsOperations .github command center.""" + +from __future__ import annotations + +import json +import re +import sys +from pathlib import Path + + +ROOT = Path(__file__).resolve().parents[1] +MANIFEST_PATH = ROOT / "governance" / "COMMAND_CENTER_INVARIANTS.json" +TEXT_SCOPES = ["README.md", "profile", "architecture", "governance", "wiki", ".github"] + +REQUIRED_TEXT = { + "README.md": [ + ".github is routing/governance only", + "Project #1 is not an active reviewer route", + "SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY", + "NOT_PUBLIC_SAFE", + "CONTROLLED_TEST_VALIDATED", + ], + "profile/README.md": [ + "Project #1 is not an active reviewer route", + "project metadata is not proof", + "SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY", + "NOT_PUBLIC_SAFE", + "CONTROLLED_TEST_VALIDATED", + ], + "profile/START_HERE.md": [ + "30-second reviewer path", + "3-minute command-center path", + "10-minute reviewer path", + "Project #1 is not an active reviewer route", + "SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY", + "NOT_PUBLIC_SAFE", + "CONTROLLED_TEST_VALIDATED", + ], + "governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md": [ + "#10", + "#8", + "KEEP_OPEN_STANDING_CONTROL", + "Do not close unless Raylee explicitly approves replacing the standing-control role", + ], +} + +BLOCKED_CLAIMS = [ + "runtime-active", + "signal-observed", + "evidence-linked public proof", + "public-safe", + "production-ready", + "fleet-wide", + "AWS-live", + "Cribl-routed", + "Wazuh-routed", + "autonomous SOC", + "AI-approved", + "AI-decided", + "analyst-approved", + "live Splunk", +] + +BOUNDARY_WORDS = ( + "blocked", + "blocked_claim", + "blocked public", + "blocked_inherited_truth", + "not ", + "does not", + "does_not", + "do not", + "must not", + "must not claim", + "does not promote", + "does not prove", + "unless", + "boundary", + "guardrail", + "forbidden", + "restricted", + "cannot", + "false", + "claim firewall", + "remains", + "no ", + 
"without", + "non-public", + "not_public_safe", + "coordination-only", + "report-only", + "separate", + "pending", +) + + +def fail(message: str, errors: list[str]) -> None: + errors.append(message) + + +def read_text(path: Path, errors: list[str]) -> str: + if not path.exists(): + fail(f"missing file: {path.relative_to(ROOT).as_posix()}", errors) + return "" + return path.read_text(encoding="utf-8") + + +def iter_text_files() -> list[Path]: + files: list[Path] = [] + for scope in TEXT_SCOPES: + path = ROOT / scope + if path.is_file(): + files.append(path) + elif path.is_dir(): + files.extend( + p + for p in path.rglob("*") + if p.is_file() and p.suffix.lower() in {".md", ".json", ".yml", ".yaml"} + ) + return sorted(set(files)) + + +def load_manifest(errors: list[str]) -> dict: + text = read_text(MANIFEST_PATH, errors) + if not text: + return {} + try: + manifest = json.loads(text) + except json.JSONDecodeError as exc: + fail(f"manifest JSON parse failed: {exc}", errors) + return {} + if manifest.get("schema") != "hawkinsoperations-command-center-invariants-v1": + fail("manifest schema mismatch", errors) + if not isinstance(manifest.get("invariants"), dict): + fail("manifest invariants must be an object", errors) + return manifest + + +def check_required_files(manifest: dict, errors: list[str]) -> None: + required = manifest.get("required_route_files", []) + if not isinstance(required, list) or not required: + fail("manifest required_route_files must be a non-empty list", errors) + return + for item in required: + rel = Path(str(item)) + if rel.is_absolute() or ".." 
in rel.parts: + fail(f"invalid required route path: {item}", errors) + continue + if not (ROOT / rel).is_file(): + fail(f"missing required route file: {item}", errors) + + +def check_required_text(errors: list[str]) -> None: + for rel, needles in REQUIRED_TEXT.items(): + text = read_text(ROOT / rel, errors) + lowered = text.lower() + for needle in needles: + if needle.lower() not in lowered: + fail(f"{rel} missing required wording: {needle}", errors) + + +def check_project_boundaries(all_text: str, errors: list[str]) -> None: + required = [ + "Project #2", + "canonical private HawkinsOperations Control Board", + "Project #1 is not an active reviewer route", + "Project metadata remains coordination-only", + ] + lowered = all_text.lower() + for needle in required: + if needle.lower() not in lowered: + fail(f"missing project boundary wording: {needle}", errors) + + forbidden = [ + r"Project #1\s+is\s+an\s+active\s+reviewer\s+route", + r"Project #1.{0,80}canonical", + r"Project metadata\s+is\s+proof", + r"Project metadata.{0,40}merge authority", + r"Project metadata.{0,40}runtime truth", + r"Project metadata.{0,40}signal truth", + r"Project metadata.{0,40}public-safe status", + ] + for pattern in forbidden: + if re.search(pattern, all_text, re.IGNORECASE | re.DOTALL): + fail(f"forbidden project-boundary wording matched: {pattern}", errors) + + +def check_ceiling_boundaries(all_text: str, errors: list[str]) -> None: + required = [ + "SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY", + "NOT_PUBLIC_SAFE", + "CONTROLLED_TEST_VALIDATED", + "Website/GitHub rendering is not proof", + "GitHub rendering is not proof", + ] + lowered = all_text.lower() + for needle in required: + if needle.lower() not in lowered: + fail(f"missing proof-boundary wording: {needle}", errors) + + forbidden_patterns = [ + r"\brendering\s+is\s+proof\b", + r"\bGitHub rendering\s+is\s+proof\b", + r"\bwebsite rendering\s+is\s+proof\b", + r"PUBLIC_SAFE_APPROVED", + r"PUBLIC_SAFE_STATUS\s*=\s*PUBLIC_SAFE", + ] + for 
pattern in forbidden_patterns: + if re.search(pattern, all_text, re.IGNORECASE | re.DOTALL): + fail(f"forbidden promotion wording matched: {pattern}", errors) + + +def check_standing_controls(all_text: str, errors: list[str]) -> None: + for issue in ("#8", "#10"): + if issue not in all_text: + fail(f"missing standing control issue reference: {issue}", errors) + if "Do not close unless Raylee explicitly approves replacing the standing-control role" not in all_text: + fail("missing explicit replacement-approval boundary for .github#8/#10", errors) + + +def check_exposure(text_files: list[Path], errors: list[str]) -> None: + token_prefixes = ["AK" + "IA", "ghp" + "_", "github" + "_pat" + "_"] + private_ip = re.compile(r"\b(10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})\b") + drive_path = re.compile(r"\b[A-Za-z]:\\") + private_key = re.compile(r"BEGIN (?:RSA |OPENSSH )?PRIVATE KEY") + for path in text_files: + rel = path.relative_to(ROOT).as_posix() + text = path.read_text(encoding="utf-8", errors="ignore") + for line_no, line in enumerate(text.splitlines(), start=1): + if drive_path.search(line): + fail(f"{rel}:{line_no} exposes a local Windows path", errors) + if private_ip.search(line): + fail(f"{rel}:{line_no} exposes a private IP address", errors) + if private_key.search(line): + fail(f"{rel}:{line_no} exposes a private-key marker", errors) + for prefix in token_prefixes: + if prefix in line: + fail(f"{rel}:{line_no} exposes a token-looking prefix", errors) + + +def check_identity_and_claim_context(text_files: list[Path], errors: list[str]) -> None: + for path in text_files: + rel = path.relative_to(ROOT).as_posix() + lines = path.read_text(encoding="utf-8", errors="ignore").splitlines() + for line_no, line in enumerate(lines, start=1): + lowered = line.lower() + if "hawkinsops" in lowered and not any(marker in lowered for marker in ("legacy", "reference", "v1", "prior", "not current")): + 
fail(f"{rel}:{line_no} uses HawkinsOps outside legacy/reference context", errors) + for phrase in BLOCKED_CLAIMS: + phrase_pattern = re.compile(rf"(? int: + errors: list[str] = [] + manifest = load_manifest(errors) + check_required_files(manifest, errors) + check_required_text(errors) + + text_files = iter_text_files() + all_text = "\n".join(path.read_text(encoding="utf-8", errors="ignore") for path in text_files) + check_project_boundaries(all_text, errors) + check_ceiling_boundaries(all_text, errors) + check_standing_controls(all_text, errors) + check_exposure(text_files, errors) + check_identity_and_claim_context(text_files, errors) + + if errors: + print("COMMAND_CENTER_INVARIANTS=FAIL") + for error in errors: + print(f"- {error}") + return 1 + + print("COMMAND_CENTER_INVARIANTS=PASS") + print(f"checked_files={len(text_files)}") + return 0 + + +if __name__ == "__main__": + sys.exit(main()) From d8776c563f8f8ff67867198ffb6f81a5f77c5818 Mon Sep 17 00:00:00 2001 From: Raylee Hawkins Date: Sun, 31 May 2026 23:28:17 -0500 Subject: [PATCH 2/2] docs: route reviewer metrics in command center --- governance/COMMAND_CENTER_INVARIANTS.json | 2 ++ governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md | 17 +++++++++++++++++ profile/START_HERE.md | 7 +++++++ scripts/verify-command-center-invariants.py | 9 +++++++++ 4 files changed, 35 insertions(+) diff --git a/governance/COMMAND_CENTER_INVARIANTS.json b/governance/COMMAND_CENTER_INVARIANTS.json index b098901..8c683d4 100644 --- a/governance/COMMAND_CENTER_INVARIANTS.json +++ b/governance/COMMAND_CENTER_INVARIANTS.json 
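Review bot: the forbidden-wording patterns in `check_project_boundaries` are negation-blind and are applied with `re.DOTALL` to the concatenation of every scanned file, so a correct boundary sentence can fail the check and a match can span lines and file boundaries. `r"Project metadata.{0,40}merge authority"` matches "Project metadata is not proof, approval, or merge authority", and `r"Project #1.{0,80}canonical"` matches "Project #1 is not an active reviewer route; Project #2 is the canonical Control Board" the moment that wording lands in one place; either match line by line and skip lines carrying a negation ("not", "no", "never"), or require the affirmative form, for example `r"Project metadata\s+is\s+(?:proof|merge authority|runtime truth)"`. Three smaller points in the same hunk: the private-key regex `BEGIN (?:RSA |OPENSSH )?PRIVATE KEY` misses `EC`, `DSA`, `ENCRYPTED` and `PGP ... PRIVATE KEY BLOCK` headers, so use `BEGIN (?:[A-Z]+ )*PRIVATE KEY`; the token prefixes cover `AKIA` but not AWS temporary `ASIA` keys, and `ghp_` but not `gho_`, `ghs_`, `ghu_` or `ghr_`; and the HawkinsOps allowlist in `check_identity_and_claim_context` accepts any line containing `v1`, which every `...-v1-...json` route URL in these docs does, so a legacy-name leak on a line that also links such a file passes silently.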
@@ -24,6 +24,8 @@ "proof_authority_repo": "hawkinsoperations-proof owns proof records and claim ceilings", "command_center_proof_ceiling": "SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY", "ledger_public_safe_status": "NOT_PUBLIC_SAFE", + "reviewer_metrics_pipeline": "Reviewer metrics pipeline keeps Lifetime Governed Cases separate from detection activity, validation cases, proof records, blocked claims, and Project Board reconciliation status", + "reviewer_metrics_counts": "Lifetime Governed Cases 4; Detection Activity / controlled validation fire count 49; Validation Case Count 106; Proof Record Count 8; Blocked Claim Count 31", "ho_det_001_public_ceiling": "CONTROLLED_TEST_VALIDATED", "runtime_signal_public_promotions": "runtime-active, signal-observed, evidence-linked public proof, public-safe, production-ready, fleet-wide, AWS-live, Cribl-routed, Wazuh-routed, autonomous SOC, AI-approved, AI-decided, analyst-approved, and live Splunk claims remain blocked unless separately proven and approved", "standing_controls": ".github#8 and .github#10 remain standing controls", diff --git a/governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md b/governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md index eaeec4d..055e240 100644 --- a/governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md +++ b/governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md 
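Review bot: `reviewer_metrics_counts` packs five numbers into one prose string, which the verifier can only treat as opaque text, and the same five values are typed by hand into `profile/START_HERE.md` and the receipts table elsewhere in this patch, so nothing detects when one copy is updated and the others are not. Store them as a structured object, for example `"reviewer_metrics_counts": {"lifetime_governed_cases": 4, "detection_activity_fire_count": 49, "validation_case_count": 106, "proof_record_count": 8, "blocked_claim_count": 31}`, so `load_manifest` can hand them to a check, and record which proof-summary file the manifest copies them from so a reviewer knows which value wins on disagreement.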
@@ -154,6 +154,23 @@ Purpose: advances issue [#39](https://github.com/HawkinsOperations/.github/issue - Project #1 is not an active reviewer route; live ProjectV2 lookup did not resolve org Project #1 during the follow-up control-surface cleanup pass. - Board state must not be treated as merge approval, issue closure authority, runtime truth, signal truth, evidence truth, public proof, or public-safe status. +## Reviewer Metrics Pipeline Reconciliation Receipt + +Purpose: gives reviewers a single repo-backed reconciliation row for the "big number without lying" metrics pipeline while preserving the strict Lifetime Case Ledger boundary. + +| Metric / status | Current bounded value | Owning source | Boundary | +| --- | --- | --- | --- | +| Lifetime Governed Cases | 4 | `hawkinsoperations-platform` Lifetime Case Ledger state and `hawkinsoperations-proof` public ledger summary | Strict governed case count only; detection fires do not increase this number. | +| Detection Activity / controlled validation fire count | 49 | `hawkinsoperations-validation` detection activity ledger | Controlled validation activity only; not runtime activity, signal observation, public proof, or governed case append. | +| Validation Case Count | 106 | `hawkinsoperations-validation` validation registry and detection activity ledger | Controlled fixture count only; not production coverage or public-safe proof. | +| Proof Record Count | 8 | `hawkinsoperations-proof` reviewer metrics summary and proof map | Proof-record routing count only; not public-safe approval or claim promotion. | +| Blocked Claim Count | 31 | Reviewer metrics state and proof summary blocked-claim lists | Prevented-promotion visibility only; the blocked claims remain blocked. 
| +| Project Board reconciliation status | `REPO_BACKED_RECONCILIATION_PLAN_NO_PROJECT_MUTATION` | `.github` standing-control receipts plus platform/proof reviewer metrics state | Project metadata remains report-only and not proof authority; no GitHub Project mutation is performed. | + +Reviewer-facing allowed wording: "HawkinsOperations exposes strict governed cases separately from broader controlled validation, proof, blocked-claim, and Project Board reconciliation activity." + +Blocked wording: do not say detection fires are governed cases, do not describe Project metadata as proof authority, and do not claim runtime-active, signal-observed, public-safe, production-ready, autonomous SOC, AI-approved disposition, analyst-approved disposition, Cribl-routed, Wazuh-routed, AWS-live, fleet-wide, or live Splunk public proof from this pipeline. + ## Dirty Repo State / Repo Hygiene Receipt Purpose: advances issue [#5](https://github.com/HawkinsOperations/.github/issues/5). diff --git a/profile/START_HERE.md b/profile/START_HERE.md index 24e0390..7571d52 100644 --- a/profile/START_HERE.md +++ b/profile/START_HERE.md 
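Review bot: the "Owning source" column names repos and ledgers in prose (`hawkinsoperations-validation` detection activity ledger, `hawkinsoperations-proof` reviewer metrics summary and proof map) but links none of them, so a reviewer cannot verify 49, 106, 8 or 31 from this table even though the surrounding receipts link their issues by URL; add file paths, at minimum `proof/records/reviewer-metrics-pipeline-v1-summary.json` in `hawkinsoperations-proof`, which the START_HERE change in this same patch already links. The "Lifetime Governed Cases" row should also state that its 4 is the same count as the ledger summary's "4 total cases" cited in START_HERE, so the two snapshots read as one number with one owner rather than two independently maintained figures.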
@@ -46,6 +46,10 @@ Public claims require reviewed wording, evidence linkage, stale review, and appr Current ledger snapshot: the proof-owned Lifetime Case Ledger public summary records 4 ledger events, 4 total cases, 0 public-safe cases, and 0 closed cases. Ledger status remains `NOT_PUBLIC_SAFE`; front-door/status proof ceiling remains `SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY`. +Current Reviewer metrics pipeline snapshot: Lifetime Governed Cases: 4; Detection Activity / controlled validation fire count: 49; Validation Case Count: 106; Proof Record Count: 8; Blocked Claim Count: 31; Project Board reconciliation status: `REPO_BACKED_RECONCILIATION_PLAN_NO_PROJECT_MUTATION`. + +Reviewer metrics boundary: the Lifetime Governed Cases number stays strict and comes from the governed Lifetime Case Ledger route. Detection Activity / controlled validation fire count, Validation Case Count, Proof Record Count, and Blocked Claim Count are separate reviewer activity metrics and must not be counted as governed cases. Project Board reconciliation is repo-backed routing/status only; Project metadata is not proof authority and no GitHub Project mutation is performed by this pipeline. + ### 30-second reviewer path 1. Start with the [organization profile](./README.md) for the system summary. 
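Review bot: "Current Reviewer metrics pipeline snapshot" capitalises "Reviewer" mid-sentence, unlike "Current ledger snapshot" in the paragraph above; the verifier lower-cases both sides before comparing, so "Current reviewer metrics pipeline snapshot" still satisfies the `"Reviewer metrics pipeline"` needle. More substantively, neither snapshot paragraph carries an "as of" anchor (date, proof-summary commit, or ledger event id), and this one adds five more hand-copied numbers; give both a revision reference so a reader can tell whether 4/49/106/8/31 are current or stale, and so the boundary paragraph's "comes from the governed Lifetime Case Ledger route" points at a specific artifact.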
@@ -75,6 +79,7 @@ Current ledger snapshot: the proof-owned Lifetime Case Ledger public summary rec | Where is public rendering? | [hawkinsoperations-website](https://github.com/HawkinsOperations/hawkinsoperations-website) | | Where is the operating cockpit? | [private org Control Board route](https://github.com/orgs/HawkinsOperations/projects/2) | | Where is the ledger summary? | [Lifetime Case Ledger public summary](https://github.com/HawkinsOperations/hawkinsoperations-proof/blob/main/proof/records/lifetime-case-ledger-v1-public-summary.json) | +| Where is the reviewer metrics summary? | [Reviewer metrics proof summary](https://github.com/HawkinsOperations/hawkinsoperations-proof/blob/main/proof/records/reviewer-metrics-pipeline-v1-summary.json) | ### What each repo owns @@ -94,6 +99,7 @@ Current ledger snapshot: the proof-owned Lifetime Case Ledger public summary rec | Proven within current public ceiling | HO-DET-001 source exists and controlled-test validation is recorded for the stated fixture scope. | | Route-safe | GitHub and website surfaces route reviewers to source, validation, and proof records. | | Ledger route-safe | The proof-owned Lifetime Case Ledger public summary routes bounded counts only: 4 events, 4 cases, 0 public-safe cases, 0 closed cases. | +| Reviewer metrics route-safe | The reviewer metrics pipeline routes separate bounded numbers for Lifetime Governed Cases, Detection Activity / controlled validation fire count, Validation Case Count, Proof Record Count, Blocked Claim Count, and Project Board reconciliation status. | | Blocked | Runtime-active, signal-observed, public-safe runtime proof, production-ready, autonomous SOC, AI-approved disposition, analyst-approved disposition, Cribl-routed, Wazuh-routed, AWS-live, fleet-wide, and live Splunk firing claims. | ### What not to infer 
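Review bot: the new "Where is the reviewer metrics summary?" row links `blob/main/proof/records/reviewer-metrics-pipeline-v1-summary.json`, a mutable ref, while the counts this page quotes (4, 49, 106, 8, 31) are a point-in-time reading of that file; the verifier's `required_route_files` check only covers paths inside this repo, so nothing notices if the cross-repo file moves or its numbers change. Pin the link to a commit SHA, the way the Proof Pack 001 entry pins its ZIP by SHA256, or state in the "Reviewer metrics route-safe" row that the link is a route and the quoted values come from a named revision.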
@@ -129,6 +135,7 @@ flowchart LR - [Proof Pack 001 Discussion](https://github.com/orgs/HawkinsOperations/discussions/32) - official announcement route; rendering is not proof - [Private org Control Board route](https://github.com/orgs/HawkinsOperations/projects/2) - operating cockpit for current work visibility; Project #1 is not an active reviewer route; not proof authority, merge authority, or project metadata approval - [Lifetime Case Ledger public summary](https://github.com/HawkinsOperations/hawkinsoperations-proof/blob/main/proof/records/lifetime-case-ledger-v1-public-summary.json) - bounded proof-owned count summary; ledger status remains `NOT_PUBLIC_SAFE` +- [Reviewer metrics proof summary](https://github.com/HawkinsOperations/hawkinsoperations-proof/blob/main/proof/records/reviewer-metrics-pipeline-v1-summary.json) - bounded reviewer metrics route; keeps strict governed cases separate from broader activity counts and Project Board reconciliation status - [HO-DET-001 proof record](https://github.com/HawkinsOperations/hawkinsoperations-proof/blob/main/proof/records/HO-DET-001.md) - [HO-DET-001 runtime packet verifier PR #22](https://github.com/HawkinsOperations/hawkinsoperations-validation/pull/22) - [HO-DET-001 verified runtime match proof PR #14](https://github.com/HawkinsOperations/hawkinsoperations-proof/pull/14) diff --git a/scripts/verify-command-center-invariants.py b/scripts/verify-command-center-invariants.py index 194b8cb..77b7032 100644 --- a/scripts/verify-command-center-invariants.py +++ b/scripts/verify-command-center-invariants.py 
@@ -32,6 +32,13 @@ "30-second reviewer path", "3-minute command-center path", "10-minute reviewer path", + "Reviewer metrics pipeline", + "Lifetime Governed Cases", + "Detection Activity / controlled validation fire count", + "Validation Case Count", + "Proof Record Count", + "Blocked Claim Count", + "Project Board reconciliation status", "Project #1 is not an active reviewer route", "SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY", "NOT_PUBLIC_SAFE", @@ -40,6 +47,8 @@ "governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md": [ "#10", "#8", + "Reviewer Metrics Pipeline Reconciliation Receipt", + "Detection Activity / controlled validation fire count", "KEEP_OPEN_STANDING_CONTROL", "Do not close unless Raylee explicitly approves replacing the standing-control role", ],
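Review bot: the new `REQUIRED_TEXT` needles for `profile/START_HERE.md` and `governance/ISSUE_FACTORY_CONTROL_RECEIPTS.md` check only the metric labels ("Lifetime Governed Cases", "Validation Case Count", and so on), not the values, so the verifier still passes if START_HERE says 106 and the receipts table says 107; since the manifest now carries `reviewer_metrics_counts`, parse the label/number pairs from it in `load_manifest` and assert that each "Label: N" form (START_HERE) and "| Label | N |" form (receipts) appears, failing closed on any mismatch, so the three copies cannot drift. The `"#10"` and `"#8"` needles in the same list are also bare substring matches that "#80" or "#100" would satisfy; `re.search(r"#8\b", text)` is the tighter form.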