docs(proof): sharpen proof README front door

[raylee-hawkins]

Summary

Refreshes the proof repo README as a receipt-first front door for HawkinsOperations proof authority. The edit keeps README.md as the only changed file and routes reviewers to existing proof records, release artifacts, maps, metrics, case studies, and verifier commands without creating new proof claims.

Discovery sources reviewed

• README.md
• proof/records/ including HO-DET-001, Runtime Route Proof v1, Lifetime Case Ledger, and metrics records
• proof/cards/, proof/indexes/, proof/maps/
• docs/case-studies/ including HO-DET-001 SOCaaS Pilot Receipt Pack, AI Authority Boundary, Purple Team Closed Loop, and Operations Accomplishment Ledger
• REVIEWER_PACKET.md, RELEASE_MANIFEST.json, SHA256SUMS.txt
• scripts/ verifier routes and .github/workflows/ verifier jobs
• recent git log and open PR state
• recent Operations proof-specific log entries
• public GitHub README rendering
• public website proof route at https://hawkinsoperations.com/proof/ as render-only reviewer context, not proof authority

Files changed

• README.md

Strongest proof receipts surfaced

• Proof Pack 001 release route for HO-DET-001
• HO-DET-001 proof record as the flagship proof route
• Runtime Route Proof v1 private-candidate reviewer route
• Reviewer Proof Map and Lifetime Case Ledger proof chain
• Reviewer Metrics Pipeline v1 route
• HO-DET-001 SOCaaS Pilot Receipt Pack case study
• AI Authority Boundary and Purple Team Closed Loop case studies

Why the README needed tightening

The previous README had the correct proof boundaries, but it led with verifier mechanics, repeated Proof Pack 001 checks, and made the strongest current receipts harder to scan. This pass moves the proof value above the fold, keeps verification immediately visible, and pushes broader boundary tables lower without hiding them.

Current proof ceiling

• HO-DET-001 remains CONTROLLED_TEST_VALIDATED.
• Runtime/private evidence remains NOT_PUBLIC_SAFE unless separately promoted.
• Runtime Route Proof v1 remains PRIVATE_RUNTIME_ROUTE_PROOF_V1_CANDIDATE_PRESERVED and NOT_PUBLIC_SAFE.
• Ledger and reviewer proof map remain SCHEMA_CONTRACT_VERIFIER_EXISTS_ONLY and NOT_PUBLIC_SAFE.

Blocked claims preserved

No runtime-active, signal-observed, public-safe runtime proof, production, SOCaaS deployment, customer deployment, autonomous SOC, AI-approved disposition, AI-decided disposition, analyst-approved disposition, live Splunk, Cribl-routed public proof, Wazuh-routed public proof, AWS-live, fleet-wide, website-as-proof, badge-as-proof, or Project-as-proof claim was promoted.

Validation run

• git diff --check: passed with Git CRLF warning only
• python -B scripts/verify-ho-det-001-proof-integrity.py: passed
• python -B scripts/verify_proof_integrity.py: passed
• python -B scripts/verify-proof-pack-001-release.py: passed
• python -B scripts/verify-runtime-route-proof-v1-private-candidate-map.py: passed
• python -B scripts/verify-reviewer-proof-map.py --platform-root ../hawkinsoperations-platform --github-root ../.github: passed
• python -B scripts/verify-reviewer-metrics-summary.py: passed
• README local-link sanity check: passed
• private/local leakage scan: passed
• blocked-claim context scan: hits reviewed as negative, blocked, not-proven, or boundary-only contexts
• proof pack ZIP verifier: not run because HAWKINSOPERATIONS_PROOF_PACK_001.zip is not present in the local checkout

Intentionally excluded

• No REVIEWER_PACKET.md, RELEASE_MANIFEST.json, proof record, proof map, case study, workflow, script, website, validation, detections, platform, or .github changes
• No new files or generated artifacts
• No public-safe promotion
• No runtime, signal, production, customer, autonomous, AI-disposition, analyst-disposition, or SOCaaS deployment claim expansion

Website rendering note

The current public website proof route was reviewed only to understand what public reviewers see and detect drift. Website rendering remains navigation only and is not proof authority.

[raylee-hawkins]

Proof boundary preserved: this README refresh uses existing proof receipts and verifier routes only. It does not promote runtime-active, signal-observed, public-safe runtime proof, production, SOCaaS deployment, customer deployment, autonomous SOC, AI-approved disposition, AI-decided disposition, analyst-approved disposition, live Splunk, Cribl-routed public proof, Wazuh-routed public proof, AWS-live, fleet-wide, website-as-proof, badge-as-proof, or Project-as-proof claims.

Existing receipts used: Proof Pack 001, HO-DET-001 proof record, Runtime Route Proof v1 private-candidate route, Reviewer Proof Map / Lifetime Case Ledger, Reviewer Metrics Pipeline v1, HO-DET-001 SOCaaS Pilot Receipt Pack, AI Authority Boundary, and Purple Team Closed Loop.

Validation results: git diff --check passed with Git CRLF warning only; HO-DET-001 proof integrity passed; baseline proof integrity passed; Proof Pack 001 release verifier passed; Runtime Route Proof v1 private-candidate verifier passed; Reviewer Proof Map verifier passed; Reviewer Metrics Summary verifier passed; README local-link sanity passed; private/local leakage scan passed; blocked-claim hits were reviewed as negative, blocked, not-proven, or boundary-only contexts. Proof Pack ZIP verifier was not run because the ZIP is not present in the local checkout.

Reviewer impact: README now shows the strongest proof work first, then routes to deterministic verification and claim boundaries without turning the README into a dashboard or widening the proof ceiling.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c68ac6a47e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Point reviewers to the metrics route verifier

For the reviewer metrics route, this command is not enough for a fresh proof checkout: verify-reviewer-metrics-summary.py --help exposes only --summary/--format, but the script then dereferences sibling artifacts such as ../hawkinsoperations-platform and ../.github via platform_metrics_from_summary()/project_reconciliation_from_summary(), so it fails unless those repos are laid out next to this one, and it does not exercise the map/closeout record that carries REVIEWER_METRICS_PIPELINE_V1_CLOSED_REVIEWER_VISIBLE. Reviewers following this new README section will get a failed or incomplete verification path; either list the sibling-repo prerequisite or point this route to scripts/verify-reviewer-metrics-pipeline-closeout.py, which verifies the map and closeout in this repo.

Useful? React with 👍 / 👎.