docs(proof): expand governance saves ledger

[raylee-hawkins]

Summary

Expands the HawkinsOperations Governance Saves ledger with a dedicated May 2026 promotion-control evidence section covering where governance stopped unsafe merge, publication, public-proof, stale-truth, dirty-state, website-route, runtime-claim, and disposition-claim promotion paths.

Refresh status

• Refreshed against current origin/main after proof PR HO-DET-001 SOCaaS Pilot Receipt Pack #62, proof PR [codex] Record HO-DET-001 SOCaaS Pilot Receipt Pack final ledger #63, and proof PR [codex] Add HO-DET-001 reviewer handoff #64 landed.
• Current refreshed head SHA: c50540653cd98d9ea7b83a64ddb29ab56e8c2eb7.
• Changed-file scope remains exactly the two governance-saves files.

Changed files

• docs/governance-saves/GOVERNANCE-SAVES-CANDIDATES.md
• docs/governance-saves/GOVERNANCE-SAVES-EVIDENCE-MATRIX.md

Governance saves added

• GS-071: PR docs(proof): update governance saves evidence lane #59 draft-stop respected before mark-ready / merge.
• GS-072: Green checks not treated as merge authority.
• GS-073: PR fix(proof): redact local logbook paths from governance saves #60 public proof path-redaction gate.
• GS-074: Public issue-body path exposure held public-surface readiness partial until cleanup.
• GS-075: Generated Python cache / dirty branch state blocked telemetry merge and cleanup flow.
• GS-076: Platform issue Record HO-DET-001 synthetic validation proof #2 stale Cribl truth reconciled instead of promoted.
• GS-077: RS003 Cribl route boundary stayed narrow and non-public.
• GS-078: Website dirty state kept website-dependent work separate from proof and SOCaaS packet work.
• GS-079: AI support-only boundary preserved human authority.
• GS-080: Aggregate blocked-claim ceiling recorded as report-only, not a countable production save.

Control type explanation

• REAL_CONTROL: used only where work actually stopped on dirty/generated state or verifier-enforced AI support boundaries.
• SOFT_ENFORCEMENT: used where visible governance review, PR packets, or issue-truth reconciliation stopped promotion or overclaiming.
• REPORT_ONLY: used for the aggregate claim-ceiling row because it documents a boundary and should not be inflated into a counted save.

SOCaaS transfer value

Each new row includes a transfer line that maps the save to SOCaaS detection governance: blocking stale detection status, separating internal telemetry from customer-safe proof, requiring human approval before AI-supported triage becomes disposition, and preventing website or issue-tracker drift from becoming customer-facing truth.

Claim boundary

This PR keeps proof records below runtime, signal, public-safe, production, customer, fleet, autonomous, AI-disposition, and analyst-disposition promotion. Human review remains authority, and green CI remains validation evidence only.

Validation commands and results

• git diff --check: passed
• python -B scripts\verify_detection_proof_status_index.py: passed
• python -B scripts\verify_proof_integrity.py: passed
• python -B scripts\verify-ho-det-001-proof-integrity.py: passed
• python -B scripts\verify-proof-pack-001-release.py: passed
• python -B scripts\verify-proof-pack-001-zip.py --check: passed

Private/path scan result

Required scan over the changed governance-saves files returned zero email, local path, private IP, secret-assignment, private/person-name, exact forbidden contact/call label, and generated-file hits. Blocked-risk terms appear only in blocked, not-claimed, route-name, or no-claim contexts.

Explicit non-claims

This PR does not claim production prevention, customer deployment, SOCaaS deployment or availability, public-safe runtime proof, autonomous SOC, AI-approved disposition, analyst-approved disposition, FortiSIEM integration proven, or broad live telemetry proof.

[raylee-hawkins]

Governance-saves ledger completion update:

• Pushed commit 48633e745d5dfe2fb7df2b91e73dbb1f19a7ca01 to feature/governance-saves-ledger-expansion.
• Scope remains limited to docs/governance-saves/GOVERNANCE-SAVES-CANDIDATES.md and docs/governance-saves/GOVERNANCE-SAVES-EVIDENCE-MATRIX.md.
• GS-081 through GS-083 were reviewed as claim-control entries, not production/runtime proof.
• Proof boundary review passed: no private/local path exposure, no proof ceiling promotion, and forbidden terms appear only in blocked/not-claimed/do-not-claim contexts.
• Validation passed:
  • python -B scripts\verify_detection_proof_status_index.py
  • python -B scripts\verify_proof_integrity.py
  • python -B scripts\verify-ho-det-001-proof-integrity.py
  • python -B scripts\verify-proof-pack-001-release.py
  • python -B scripts\verify-proof-pack-001-zip.py --check
  • git diff --check
  • targeted forbidden-claim scan
  • manual schema checklist

Proof ceiling remains unchanged: this PR documents governance claim-control behavior only. It does not claim production deployment, live SOC operation, runtime-active detection, signal-observed detection, customer impact, financial savings, autonomous AI security authority, AI-approved disposition, or analyst-approved disposition.

[raylee-hawkins]

Governance Saves Ledger Expansion merge gate rechecked.

• Branch refreshed against current main.
• Changed files remain scoped to the governance-saves ledger.
• Validations passed.
• Proof boundaries remain below runtime, signal, public-safe, production, customer, fleet, autonomous, AI-disposition, and analyst-disposition promotion.
• Green CI remains validation evidence only, not merge authority.
• No private/path/raw-evidence leakage found.

Ready for governed merge.