Hawk, the security agent
Hawk runs Decalyst's built-in 20-point security scanner on every diff. It flags path traversal, SQL injection, credential leaks, timing attacks, and OWASP pitfalls. Hawk escalates through Nano, o3, Sonnet, and Opus as severity and scope grow, with manual gates at the highest cost tiers.
Model tiers
| Tier | Trigger | Model |
|---|---|---|
| T1 Quick pattern check | surface-level patterns | GPT-5 Nano |
| T2 Full file OWASP scan | multi-file or ambiguous threat | o3 |
| T3 Auth, payments, crypto | sensitive domains | Claude Sonnet 4.6 |
| T4 Compliance audit | regulatory or architectural review | Claude Opus 4.7 |
Escalation
Manual gate for GPT-5.4 Pro on the hardest issues, never automatic due to cost.
Sample
Security finding
services/upload.ts:88, path traversal via ../, severity high
fix: validate against allowlist of project rootPath
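The sample finding above names the defect (a user-supplied path joined onto the upload root) and the fix (validate against the project rootPath). The following TypeScript is an added illustration of that fix, not code from Decalyst or from the scanned project: the function names, the constructed root `/srv/project` and the sample filenames are assumptions chosen for the example. It uses Node's `path.posix` so the result is the same on any host.

```typescript
import * as path from "path";

// Hypothetical stand-in for the pattern such a finding points at: the
// user-controlled name is joined onto the root with no containment check, so a
// value like "../etc/passwd" resolves to a location outside the upload root.
function unsafeUploadPath(rootPath: string, userPath: string): string {
  return path.posix.join(rootPath, userPath);
}

// Hardened version: resolve the candidate against the root and accept it only
// if the normalized result lands strictly inside the root. Returns the safe
// absolute path, or null when the request must be rejected.
function safeUploadPath(rootPath: string, userPath: string): string | null {
  const root = path.posix.resolve(rootPath);
  // resolve() normalizes "." and ".." segments and, if userPath is absolute,
  // discards root entirely, so both escape routes end up in the same check.
  const candidate = path.posix.resolve(root, userPath);
  // The separator must be part of the prefix: without it "/srv/project2"
  // would pass for a root of "/srv/project". The bare root itself (empty
  // userPath) is a directory, not an upload target, so it is rejected too.
  return candidate.startsWith(root + path.posix.sep) ? candidate : null;
}

// Triage a batch of candidate names and report the decision for each one.
function triage(rootPath: string, names: string[]): Record<string, string | null> {
  const out: Record<string, string | null> = {};
  for (const name of names) {
    out[name] = safeUploadPath(rootPath, name);
  }
  return out;
}

// Constructed sample inputs: one benign name, then the traversal shapes the
// containment check has to catch (parent refs, absolute path, sibling prefix).
const SAMPLE_NAMES = [
  "uploads/a.png",
  "./uploads/./b.png",
  "../etc/passwd",
  "/etc/passwd",
  "uploads/../../project2/x",
  "",
];

for (const [name, decision] of Object.entries(triage("/srv/project", SAMPLE_NAMES))) {
  console.log(JSON.stringify(name), "->", decision === null ? "REJECT" : decision);
}
```

The unsafe and safe variants are kept side by side so the difference the scanner is looking for is explicit: `unsafeUploadPath` returns whatever the join produces, while `safeUploadPath` only ever returns a path under the root or `null`.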