HO HawkinsOperations Detection Engineering SOC

System architecture

A public map of separated proof planes.

The architecture is designed so source, validation, runtime, signal, evidence, and public proof do not collapse into one unsupported claim.

STATIC_SITE NO_SSR NO_WORKERS_REQUIRED

Public inspection layer

source truth separate
runtime truth separate
signal truth separate
evidence truth separate
public proof separate

System overview

Repo plane separation

Each plane owns a different class of truth. Promotion requires movement through gates, not presentation alone.

  1. 01

    Source Truth

    Source exists and can be reviewed.

    Source does not prove runtime.

  2. 02

    Validation Truth

    A bounded validation path passed.

    Validation does not prove signal.

  3. 03

    Runtime Truth

    Runtime state needs separate evidence.

    Website rendering is not proof.

  4. 04

    Signal Truth

    Signal state needs observed evidence.

    Promotion requires evidence.

  5. 05

    Evidence Truth

    Evidence must be preserved and linked.

    Public claims require promotion.

  6. 06

    Public Proof

    Only explicitly promoted claims belong here.

    The ceiling remains bounded.

Promotion model

Truth Surface Separation

A public claim cannot inherit proof from a different plane. Each plane has its own can-prove and cannot-prove boundary.

Truth Surface Separation

Repo/source truth ≠ validation truth ≠ runtime truth ≠ signal truth ≠ evidence truth ≠ public proof.

Each plane can support a narrower claim than the next one. HawkinsOperations keeps those planes split so a rendered page, passing fixture, or private lab receipt cannot silently become a stronger public claim.

  1. 01

    Source / Repo Truth

    Can prove
    detection source and SPL exist.
    Cannot prove
    a live event fired.
    Current HO-DET-001 status
    source exists.
  2. 02

    Validation Truth

    Can prove
    controlled fixtures passed.
    Cannot prove
    endpoint runtime activity.
    Current HO-DET-001 status
    TEST_VALIDATED_SYNTHETIC_SCOPE.
  3. 03

    Runtime Truth

    Can prove
    system execution in the lab.
    Cannot prove
    public-safe signal by itself.
    Current HO-DET-001 status
    private/not public-promoted.
  4. 04

    Signal Truth

    Can prove
    event, match, or correlation observed.
    Cannot prove
    production or fleet-wide coverage.
    Current HO-DET-001 status
    not claimed publicly.
  5. 05

    Evidence Truth

    Can prove
    receipt, hash, export, or packet exists.
    Cannot prove
    public wording by itself.
    Current HO-DET-001 status
    requires review.
  6. 06

    Public Proof

    Can prove
    reviewed public claim boundary.
    Cannot prove
    raw runtime truth by rendering alone.
    Current HO-DET-001 status
    website rendering is not proof.

Controls

CI and governance enforcement concept

The website can host stable data attributes for scanners, but enforcement still lives in repositories, workflows, and promotion gates.

Open route

Claim firewall

Allowed claims, blocked terms, and wording examples.

Inspect path Open route

Repository map

Where each proof plane lives.

Inspect path Open route

Proof ledger

The flagship HO-DET-001 record and current ceiling.

Inspect path