HawkinsOperationsDetection Engineering SOC

Claim Firewall Intercept Chamber

Pick a bad claim. Watch the ceiling clamp it.

The demo shows how unsupported public wording moves through extraction, evidence ceiling, deterministic verification, human review, and final wording.

BLOCKED
  1. 01AI Draft
  2. 02Claim Extractor
  3. 03Evidence Ceiling
  4. 04Verifier
  5. 05Human Review
  6. 06Output Decision
AI draft / incoming wording

HO-DET-001 is runtime active.

HO-DET-001 controlled validation route
Active stage note

Verifier blocks promotion.

runtime evidenceproof promotionpublic-safe authorization
Safer public wording

HO-DET-001 has controlled validation evidence and runtime claims remain gated.

Quick Start

Run the scanner where the wording lives

CLI

Python module

python -m claimfirewall scan README.md --policy policy/blocked_claims.yml

Console script

claimfirewall scan README.md --policy policy/blocked_claims.yml

Failure Example

What a blocked claim looks like

CONTROLLED RISK CHIPS

Unsafe wording examples

This detection is production ready.

Finding

  • Blocked claim: production maturity
  • Reason: production maturity requires evidence outside wording scan
  • Suggested ceiling: TOOL_FUNCTION_ONLY

GitHub Action

Gate public wording in CI

ACTION GATE

Run the Hoxline Claim Authority scanner in CI to block configured wording before public text ships.

- run: python -m claimfirewall scan . --policy policy/blocked_claims.yml
  with:
    paths: "."
    format: "text"
    exclude: "examples/fail.md policy/blocked_claims.yml"

Claim Transformer

Replace overreach with bounded wording

EVIDENCE BEFORE CLAIMS

Blocked wording

This detection is production ready.

Why it fails

Production maturity requires deployment evidence and explicit review.

Safer wording

This detection has controlled-test validation only.

Blocked wording

AI approved the final disposition.

Why it fails

AI can support analysis, but approval authority remains human.

Safer wording

AI provided support-only triage context. Human review remains authority.

Blocked wording

The website proves signal observation.

Why it fails

Rendering routes reviewers. It does not create signal evidence.

Safer wording

The website routes reviewers to evidence. It does not prove signal observation.

Blocked wording

Coverage is fleet wide.

Why it fails

Coverage breadth requires separate telemetry and deployment evidence.

Safer wording

Coverage breadth is not claimed by this page.

Policy Coverage

The policy watches language families, not just slogans

Blocked / not claimed
production maturityruntime evidencepublic release safetysignal observationautomated SOC claimsAI approval languageanalyst approval languagecustomer rollout evidenceservice availabilitycoverage breadth

Allowed wording examples

  • does not prove production deployment
  • does not claim public release safety
  • support-only AI wording
  • rendering is not proof

Proof Boundary

The tool checks wording. It does not approve claims.

RENDERING_ONLY / TOOL_FUNCTION_ONLY

Claim Firewall is an internal Hoxline Claim Authority enforcement capability that checks wording against configured policy only.

It does not prove detection behavior, runtime telemetry, signal observation, production deployment, public release safety, customer rollout, service availability, AI approval, analyst approval, or final human authorization.

Website proof boundary: This website renders reviewer navigation only. Rendering is not proof authority. The website rendering layer remains separate from evidence.

  • RENDERING_ONLY for this website page.
  • TOOL_FUNCTION_ONLY for the Claim Firewall capability inside Hoxline.
  • No public proof is created by this page.

HawkinsOperations Fit

Utility only, authority stays separate

AUTHORITY MAP

.github

command center and reviewer routing

detections

source truth

validation

behavior validation

platform

control mechanics

proof

proof and claim authority

website

rendering only

hoxline

product front door

Claim Firewall

internal Hoxline capability

Claim Firewall supports claim hygiene as a Hoxline capability. It does not approve claims. Evidence and human review decide truth.

Receipts

Public routes for reviewers

Outcome panel
  • Ceiling: TOOL_FUNCTION_ONLY
  • Website status: RENDERING_ONLY
  • Evidence ceiling gauge: release routes are reviewer navigation, not proof promotion.
  • Promotion gate timeline: green CI is useful status, not approval.
  • AI support remains support. runtime candidate language stays below proof authority.