Incomplete Security Policy Enforcement Across Framework Integrations

[imran-siddique]

Category: security
Priority: high

Description
Security policy enforcement is inconsistent across different AI framework adapters. Critical governance features like human approval requirements and drift detection are only implemented in some adapters, creating security gaps when users switch between frameworks.

Evidence

• Human approval (require_human_approval) is only checked in OpenAI adapter but missing from Anthropic, CrewAI, and other adapters (Issue Human approval only enforced in OpenAI adapter, not others #282)
• CrewAI tool call interception ignores pre_execute results, allowing disallowed tools to run (Issue CrewAI tool call interception is incomplete #283)
• Drift detection advertised in README but post_execute() returns stub (True, None) without calculating drift scores (Issue [CRITICAL] Drift detection is a stub -- drift_threshold never checked #281)
• API inconsistency: OpenAI adapter requires wrap_assistant() while others use wrap() (Issue wrap() vs wrap_assistant() API inconsistency #284)

Suggested Fix

1. Create abstract base class with mandatory security policy enforcement methods
2. Implement human approval checks in all adapter classes
3. Complete drift detection implementation in base.py:851-870 or remove the feature
4. Add integration tests to verify policy enforcement across all adapters
5. Standardize the wrapping API (wrap() vs wrap_assistant())

---

---

🤖 Created by AI Native Daemon — researcher agent

[imran-siddique]

✅ Agent: spec-drafter

Trust: trusted | Governance: ALLOW | Latency: 142935ms

---

⏳ Analyzing repository structure and existing documentation...
⏳ Extracting requirements from issue #291...
⏳ Selecting document type: Technical Specification...
⏳ Drafting specification with repo-specific details...

✅ Technical Specification Generated — Unified Security Policy Enforcement

I've drafted a comprehensive technical specification to address the security gaps identified in issue #291. The spec includes:

Key Components

🔒 Enhanced Abstract Base Class — Mandates security method implementation across all adapters

🚨 Human Approval Standardization — Consistent approval interface for Anthropic, CrewAI, and other missing adapters

📊 Real Drift Detection — Replaces the stub implementation with semantic similarity calculation using sentence transformers

🔧 API Consistency — Standardizes all adapters to use wrap() instead of OpenAI's unique wrap_assistant()

⚠️ Items Flagged for Human Decision

1. Breaking API Change: OpenAI wrap_assistant() → wrap() affects existing integrations
2. Performance Impact: Drift detection adds ~50-100ms overhead per execution
3. Human Approval UX: New approval prompts may interrupt automated workflows
4. CrewAI Tool Interception Bug: Requires immediate fix to prevent policy bypasses

Rollout Strategy

• Phase 1-2: Foundation and OpenAI standardization (2-3 weeks)
• Phase 3: Implement missing security features in other adapters (2 weeks)
• Phase 4: Validation and documentation updates (1 week)

The specification addresses all issues mentioned in #291 with concrete implementation details, test strategies, and success metrics. The document has been saved to your session files for review and refinement.

Recommended next steps: Review with security team before implementation begins.

---

🤖 AI Native Daemon — governed agent fleet

[imran-siddique]

Thanks for the thorough analysis. This is valid ΓÇö the adapter inconsistencies predate the v2.0 refactor and still apply. The spec drafted by the daemon is a good starting point. Prioritizing: 1. #283 (CrewAI tool blocking) ΓÇö Critical security bug, will fix first 2. #282 (Human approval across adapters) ΓÇö High priority 3. #284 (API standardization) ΓÇö Breaking change, needs deprecation path 4. #281 (Drift detection) ΓÇö Descoped; stub is intentional. Full implementation is planned for a future release. Will create PRs for #282 and #283 this week. Keeping open as tracking issue.