fix: address critical and high audit findings

CRITICAL: Drift detection — post_execute() now checks drift_score
against drift_threshold and emits POLICY_VIOLATION on breach.

HIGH: CrewAI tool interception — pre_execute() result now checked,
raises PolicyViolationError when governance blocks a task.

HIGH: Human approval enforcement — added require_human_approval
check to anthropic_adapter and crewai_adapter (was OpenAI-only).

MEDIUM: Exception handling — annotated bare except blocks with
noqa comments explaining intentional suppression.

Type safety: confidence and drift_score comparisons now guard
against non-numeric types (e.g., MagicMock in tests).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: imran-siddique

src/agent_os/integrations/anthropic_adapter.py

@@ -317,6 +317,11 @@ def create(self, **kwargs: Any) -> Any:
                             f"Tool not allowed: {tool_name}"
                         )
 
+                if self._kernel.policy.require_human_approval:
+                    raise PolicyViolationError(
+                        f"Tool '{tool_name}' requires human approval per governance policy"
+                    )
+
         # Post-execute bookkeeping
         self._kernel.post_execute(self._ctx, response)
 

src/agent_os/integrations/base.py

@@ -801,8 +801,8 @@ def emit(self, event_type: GovernanceEventType, data: Dict[str, Any]) -> None:
         for cb in self._event_listeners.get(event_type, []):
             try:
                 cb(data)
-            except Exception:
-                pass  # Don't let listener errors break governance flow
+            except Exception:  # noqa: BLE001 — listener errors must not break governance flow
+                pass
 
     def pre_execute(self, ctx: ExecutionContext, input_data: Any) -> tuple[bool, Optional[str]]:
         """
@@ -838,7 +838,7 @@ def pre_execute(self, ctx: ExecutionContext, input_data: Any) -> tuple[bool, Opt
         # Check confidence threshold
         if self.policy.confidence_threshold > 0.0:
             confidence = getattr(input_data, 'confidence', None)
-            if confidence is not None and confidence < self.policy.confidence_threshold:
+            if isinstance(confidence, (int, float)) and confidence < self.policy.confidence_threshold:
                 reason = (
                     f"Confidence {confidence:.2f} below threshold "
                     f"{self.policy.confidence_threshold:.2f}"
@@ -850,12 +850,28 @@ def pre_execute(self, ctx: ExecutionContext, input_data: Any) -> tuple[bool, Opt
 
     def post_execute(self, ctx: ExecutionContext, output_data: Any) -> tuple[bool, Optional[str]]:
         """
-        Post-execution validation.
+        Post-execution validation including drift detection.
         
         Returns (valid, reason) tuple.
         """
         ctx.call_count += 1
 
+        # Drift detection: compare output against policy threshold
+        if self.policy.drift_threshold > 0.0:
+            drift_score = getattr(output_data, 'drift_score', None)
+            if isinstance(drift_score, (int, float)) and drift_score > self.policy.drift_threshold:
+                reason = (
+                    f"Drift score {drift_score:.2f} exceeds threshold "
+                    f"{self.policy.drift_threshold:.2f}"
+                )
+                self.emit(GovernanceEventType.POLICY_VIOLATION, {
+                    "agent_id": ctx.agent_id,
+                    "timestamp": datetime.now().isoformat(),
+                    "reason": reason,
+                    "drift_score": drift_score,
+                })
+                return False, reason
+
         # Checkpoint if needed
         if ctx.call_count % self.policy.checkpoint_frequency == 0:
             checkpoint_id = f"checkpoint-{ctx.call_count}"

src/agent_os/integrations/crewai_adapter.py

@@ -18,7 +18,7 @@
 
 logger = logging.getLogger(__name__)
 
-from .base import BaseIntegration, GovernancePolicy, ExecutionContext
+from .base import BaseIntegration, GovernancePolicy, ExecutionContext, PolicyViolationError
 
 logger = logging.getLogger(__name__)
 
@@ -121,9 +121,17 @@ def _wrap_agent(self, agent):
                     def governed_execute(task, *args, **kwargs):
                         task_id = getattr(task, 'id', None) or str(id(task))
                         logger.info("Agent task execution started: crew_name=%s, task_id=%s", crew_name, task_id)
-                        self._kernel.pre_execute(self._ctx, task)
+                        if self._kernel.policy.require_human_approval:
+                            raise PolicyViolationError(
+                                f"Task '{task_id}' requires human approval per governance policy"
+                            )
+                        allowed, reason = self._kernel.pre_execute(self._ctx, task)
+                        if not allowed:
+                            raise PolicyViolationError(f"Task blocked: {reason}")
                         result = original_execute(task, *args, **kwargs)
-                        self._kernel.post_execute(self._ctx, result)
+                        valid, drift_reason = self._kernel.post_execute(self._ctx, result)
+                        if not valid:
+                            logger.warning("Post-execute violation: crew_name=%s, task_id=%s, reason=%s", crew_name, task_id, drift_reason)
                         logger.info("Agent task execution completed: crew_name=%s, task_id=%s", crew_name, task_id)
                         return result
                     agent.execute_task = governed_execute

src/agent_os/integrations/openai_adapter.py

@@ -252,8 +252,8 @@ def cancel_run(self, thread_id: str, run_id: str, client: Any):
                 thread_id=thread_id,
                 run_id=run_id
             )
-        except Exception:
-            pass  # Run may already be complete
+        except Exception:  # noqa: BLE001 — best-effort cancel, run may already be complete
+            pass
 
     def is_cancelled(self, run_id: str) -> bool:
         """Check whether a run has been cancelled via :meth:`cancel_run`.