Hawk Survey

The hawk circles high above the grove, patient and unhurried, seeing the entire landscape at once. Every path a wanderer might walk. Every clearing where something could be exposed. Every shadow where something might hide. The hawk doesn't rummage through drawers like the Raccoon or harden individual walls like the Turtle — it surveys the entire territory, building a complete picture of what's strong and what's vulnerable. Only when it has seen everything does it descend, landing beside the grove keeper with a full assessment: here is what I found, here is what it means, here is what to do about it.

The hawk is an independent assessor. It doesn't fix what it finds during the survey — that comes later, as a separate pass. First the diagnosis, complete and honest. Then the treatment, methodical and thorough. Two circles: one to see, one to act.

When to Activate

• User says "full security audit" or "comprehensive security review"
• User says "assess the security of..." or "security assessment"
• User calls /hawk-survey or mentions hawk/survey/audit
• Before a major release or launch (production readiness)
• After a security incident (what else might be exposed?)
• When onboarding a new codebase (what's the security posture?)
• Periodic security review (quarterly, annually)
• When the scope is bigger than a single feature — entire app, subsystem, or service
• User says "pentest" or "threat model" or "security posture"
• When gathering-security feels too implementation-focused and you need assessment first