4 changes: 2 additions & 2 deletions README.md
@@ -15,7 +15,7 @@ Latest milestone: [v0.6.0 — fourth demo and config-change investigation](https

| Demo | Input | Deterministic core | LLM role | Main artifacts | Guardrails / non-goals |
| --- | --- | --- | --- | --- | --- |
| [telemetry-window-demo](#telemetry-window-demo) | JSONL / CSV events | Windows<br>Features<br>Alert thresholds | None | `features.csv`<br>`alerts.csv`<br>`summary.json`<br>3 PNG plots | MVP only<br>No realtime<br>No case management |
| [telemetry-window-demo](#telemetry-window-demo) | JSONL / CSV events | Windows<br>Features<br>Alert thresholds | None | `features.csv`<br>`alerts.csv`<br>`summary.json`<br>3 PNG plots | Local demo only<br>No realtime<br>No case management |
| [ai-assisted-detection-demo](demos/ai-assisted-detection-demo/README.md) | JSONL auth / web / process | Normalize<br>Rules<br>Grouping<br>ATT&CK mapping | JSON-only case drafting | `rule_hits.json`<br>`case_bundles.json`<br>`case_summaries.json`<br>`case_report.md`<br>`audit_traces.jsonl` | Human verification required<br>No autonomous response<br>No final verdict |
| [rule-evaluation-and-dedup-demo](demos/rule-evaluation-and-dedup-demo/README.md) | JSON raw rule hits | Scope resolution<br>Cooldown grouping<br>Suppression reasoning | None | `rule_hits_before_dedup.json`<br>`rule_hits_after_dedup.json`<br>`dedup_explanations.json`<br>`dedup_report.md` | No realtime<br>No dashboard<br>No AI stage |
| [config-change-investigation-demo](demos/config-change-investigation-demo/README.md) | JSONL config changes<br>Policy denials<br>Follow-on events | Normalize<br>Risky-change rules<br>Bounded correlation | None | `change_events_normalized.json`<br>`investigation_hits.json`<br>`investigation_summary.json`<br>`investigation_report.md` | No realtime<br>No dashboard<br>No AI stage |
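Review bot: the telemetry-window-demo row still links to an in-page anchor (`#telemetry-window-demo`) while the other three rows in this hunk link to `demos/<name>/README.md`; if that demo has its own README, point this row at it as well so every row of the matrix resolves the same way for a reviewer. The "Local demo only" wording itself is fine and matches the `"mvp only" not in normalized` check this PR adds to `tests/test_reviewer_docs.py`, so nothing else in the row needs to change.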
@@ -161,7 +161,7 @@ Cooldown behavior:

## Scope

This repository is a portfolio prototype, not a production monitoring system.
This repository is a local, reviewer-oriented detection workflow lab, not a production monitoring system.

## Limitations

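Review bot: the new Scope sentence is the exact string asserted by `assert "local, reviewer-oriented detection workflow lab" in readme` in `test_readme_links_reviewer_path_and_uses_lab_framing`, so any later copy edit of this one line will fail that test without an obvious pointer back here; add a short comment in the test naming the section it pins (or assert the phrase against the lowercased `normalized` text the same test now builds) so harmless capitalization edits do not break the build.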
2 changes: 1 addition & 1 deletion docs/reviewer-brief.md
@@ -67,7 +67,7 @@ The other demos emit reviewer-facing artifacts such as `dedup_report.md`, `inves
- no alert routing, dashboarding, or case management
- sample-data driven, not connected to live systems
- no streaming state management
- intentionally small-scope demos rather than a unified monitoring platform
- intentionally small-scope detection workflow demos rather than a unified monitoring platform

## Next milestone

6 changes: 6 additions & 0 deletions tests/test_reviewer_docs.py
@@ -83,13 +83,15 @@ def _read_pyproject() -> dict[str, object]:

def test_reviewer_path_keeps_detection_lab_positioning() -> None:
reviewer_path = _read_repo_file("docs/reviewer-path.md")
reviewer_brief = _read_repo_file("docs/reviewer-brief.md")
normalized = reviewer_path.lower()

assert "controlled detection workflow portfolio" in reviewer_path
assert "not a siem" in normalized
assert "not a dashboard" in normalized
assert "not an unfinished monitoring platform" in normalized
assert "local and file-based" in normalized
assert "small-scope detection workflow demos" in reviewer_brief


def test_reviewer_path_matrix_references_committed_artifacts() -> None:
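Review bot: `test_reviewer_path_keeps_detection_lab_positioning` now also reads `docs/reviewer-brief.md`, but its name still says reviewer_path, and the new `assert "small-scope detection workflow demos" in reviewer_brief` is case-sensitive while every `reviewer_path` check in the same function goes through `normalized`. Either move the reviewer-brief assertion into its own test so a failure names the file that drifted, or at least lowercase `reviewer_brief` the way `reviewer_path` is, so the two files are held to the same matching rule.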
@@ -104,12 +106,16 @@ def test_reviewer_path_matrix_references_committed_artifacts() -> None:

def test_readme_links_reviewer_path_and_uses_lab_framing() -> None:
readme = _read_repo_file("README.md")
normalized = readme.lower()

assert "A local, file-based detection workflow lab" in readme
assert "local, reviewer-oriented detection workflow lab" in readme
assert "not a SIEM, dashboard, or monitoring platform" in readme
assert "[`docs/reviewer-pack.md`](docs/reviewer-pack.md)" in readme
assert "[`docs/reviewer-path.md`](docs/reviewer-path.md)" in readme
assert "[`docs/architecture.md`](docs/architecture.md)" in readme
assert "portfolio prototype" not in normalized
assert "mvp only" not in normalized


def test_package_metadata_uses_detection_lab_framing() -> None:
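Review bot: introducing `normalized = readme.lower()` is the right call for the two negative checks (`"portfolio prototype" not in normalized`, `"mvp only" not in normalized`), since a capitalization change would otherwise let the retired wording slip back in unnoticed; consider routing the positive prose assertions through the same variable for consistency, leaving only the three markdown-link assertions on the raw `readme`, because file paths should be matched exactly. Separately, both `"A local, file-based detection workflow lab"` and `"local, reviewer-oriented detection workflow lab"` are now required, so the README must carry two different one-line descriptions of the lab; if that is not intended, settle on one phrase and drop the other assertion.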