# secure-ai-engineering-framework

A data-boundary framework for using frontier AI and local models in high-security software engineering.

The operating philosophy is simple:

- Use GPT-5.5 for fast, strong code creation when the context is code or sanitized engineering material.
- Use GPT-5.5 Pro for hard coding, security-sensitive architecture, and difficult debugging when the context is external-safe.
- Use the latest Claude Opus policy entry as an independent second reviewer.
- Use a local model for production data, government data, user records, private logs, documents, screenshots, and any data interaction.
- Use a private repo/document index that sends only the context needed for the task.
- Use `secure-code-skill-cascade` for generated code and review.

The boundary is the product: code can move to frontier models after classification and minimization; sensitive data cannot.

![secure-ai-engineering-framework architecture](docs/architecture.png)

```mermaid
flowchart TD
  A["Engineering task"] --> B["Classify context"]
  B --> C{"Context class?"}
  C -->|Code + sanitized context| D["GPT-5.5 / GPT-5.5 Pro coding"]
  C -->|Generated patch| E["Claude Opus second review"]
  C -->|Production, government, user data| F["Local private model"]
  C -->|Secrets| G["Stop + rotate"]
  F --> H["Synthetic mocks / safe summaries"]
  H --> D
  D --> I["secure-code-skill-cascade"]
  E --> I
  I --> J["Tests + audit evidence + residual risk"]
```

## Quick Start

```bash
npm install
npm test
node scripts/classify.mjs --text "export function add(a,b){return a+b}"
node scripts/mock-from-schema.mjs --schema examples/schema/customer-case.schema.json
node scripts/context-pack.mjs --manifest examples/context-manifest.json
node scripts/compose.mjs --scenario production-db-debug
```

## What Is Included

- `skills/secure-ai-engineering/SKILL.md`: root skill for high-security AI engineering.
- `skills/secure-ai-engineering/references/`: focused policy and workflow modules.
- `portable/secure-ai-engineering-framework.md`: portable prompt bundle.
- `secure-ai-engineering.config.json`: model roles, data classes, routes, and controls.
- `scripts/classify.mjs`: lightweight prompt/context classifier.
- `scripts/mock-from-schema.mjs`: deterministic synthetic mock generator.
- `scripts/context-pack.mjs`: minimal context pack builder with classification checks.
- `scripts/compose.mjs`: scenario-specific skill composer.
- `examples/scenarios/`: high-security workflow scenarios.
- `examples/boundary-demos/`: before/after examples for boundary failures and safe alternatives.

## Data Classes

| Class | Route |
| --- | --- |
| `PUBLIC_CODE` | External frontier model allowed. |
| `PRIVATE_REPO_CONTEXT` | External frontier model allowed after minimization and classification. |
| `SENSITIVE_DATA` | Local model only, then synthetic mock or safe summary. |
| `SECRETS` | Block; do not send to any model; rotate if exposed. |

## Model Roles

| Role | Default |
| --- | --- |
| Primary coding | GPT-5.5 |
| Hard coding | GPT-5.5 Pro |
| Second review | Latest Claude Opus policy entry |
| Sensitive data interaction | Local private model |

The model names are policy defaults, not hard-coded API requirements. If a provider changes naming or availability, preserve the role: frontier coder, independent reviewer, or local-private model.

## Module Map

| Module | Use When |
| --- | --- |
| `data-boundary-policy` | Classifying context and deciding whether it can cross the external AI boundary. |
| `model-routing` | Choosing GPT-5.5, GPT-5.5 Pro, Claude Opus, or a local model. |
| `frontier-coding-workflow` | Building external-safe coding prompts from source and sanitized context. |
| `second-reviewer-workflow` | Independent Claude Opus review of generated code and risks. |
| `local-private-data-workflow` | Production data, government records, private logs, documents, and screenshots. |
| `private-context-index` | Minimal private repo/document context packs. |
| `synthetic-mock-generation` | Schema-shaped mocks for external debugging without real data. |
| `secure-code-integration` | Integration with Mirogate `secure-code-skill-cascade`. |
| `audit-evidence` | Route decisions, context classes, review evidence, tests, and residual risks. |
| `government-procurement-controls` | Public-sector/high-security delivery controls. |
| `incident-stop-rules` | Stop, contain, rotate, and restart safely after boundary violations. |

## Example Scenarios

```bash
node scripts/compose.mjs --scenario hard-code-feature
node scripts/compose.mjs --scenario second-review
node scripts/compose.mjs --scenario production-db-debug
node scripts/compose.mjs --scenario government-document-analysis
node scripts/compose.mjs --scenario private-context-pack
node scripts/compose.mjs --scenario incident-hotfix
```

## Limits

This is not a compliance certification, legal opinion, classified-system approval, or guarantee that a workflow is safe for every government or regulated environment. It is a practical engineering framework for keeping AI-assisted development fast while enforcing a hard data boundary.

Primary references:

- OpenAI latest model guidance: https://developers.openai.com/api/docs/guides/latest-model.md
- Anthropic model overview: https://docs.anthropic.com/en/docs/about-claude/models/overview
- NIST AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework
- NIST Generative AI Profile: https://www.nist.gov/publications/artificial-intelligence-risk-management-framework-generative-artificial-intelligence-profile
- OWASP Top 10 for LLM Applications: https://genai.owasp.org/llm-top-10/
- Mirogate secure-code-skill-cascade: https://mirogate.com/open-source/secure-code-skill-cascade/

## Security

Please report security issues to `security@mirogate.com`. See `SECURITY.md`.