A data-boundary framework for using frontier AI and local models in high-security software engineering.
The operating philosophy is simple:
- Use GPT-5.5 for fast, strong code creation when the context is code or sanitized engineering material.
- Use GPT-5.5 Pro for hard coding, security-sensitive architecture, and difficult debugging when the context is external-safe.
- Use the latest Claude Opus policy entry as an independent second reviewer.
- Use a local model for production data, government data, user records, private logs, documents, screenshots, and any data interaction.
- Use a private repo/document index that sends only the context needed for the task.
- Use
secure-code-skill-cascadefor generated code and review.
The boundary is the product: code can move to frontier models after classification and minimization; sensitive data cannot.
flowchart TD
A["Engineering task"] --> B["Classify context"]
B --> C{"Context class?"}
C -->|Code + sanitized context| D["GPT-5.5 / GPT-5.5 Pro coding"]
C -->|Generated patch| E["Claude Opus second review"]
C -->|Production, government, user data| F["Local private model"]
C -->|Secrets| G["Stop + rotate"]
F --> H["Synthetic mocks / safe summaries"]
H --> D
D --> I["secure-code-skill-cascade"]
E --> I
I --> J["Tests + audit evidence + residual risk"]
npm install
npm test
node scripts/classify.mjs --text "export function add(a,b){return a+b}"
node scripts/mock-from-schema.mjs --schema examples/schema/customer-case.schema.json
node scripts/context-pack.mjs --manifest examples/context-manifest.json
node scripts/compose.mjs --scenario production-db-debugskills/secure-ai-engineering/SKILL.md: root skill for high-security AI engineering.skills/secure-ai-engineering/references/: focused policy and workflow modules.portable/secure-ai-engineering-framework.md: portable prompt bundle.secure-ai-engineering.config.json: model roles, data classes, routes, and controls.scripts/classify.mjs: lightweight prompt/context classifier.scripts/mock-from-schema.mjs: deterministic synthetic mock generator.scripts/context-pack.mjs: minimal context pack builder with classification checks.scripts/compose.mjs: scenario-specific skill composer.examples/scenarios/: high-security workflow scenarios.examples/boundary-demos/: before/after examples for boundary failures and safe alternatives.
| Class | Route |
|---|---|
PUBLIC_CODE |
External frontier model allowed. |
PRIVATE_REPO_CONTEXT |
External frontier model allowed after minimization and classification. |
SENSITIVE_DATA |
Local model only, then synthetic mock or safe summary. |
SECRETS |
Block; do not send to any model; rotate if exposed. |
| Role | Default |
|---|---|
| Primary coding | GPT-5.5 |
| Hard coding | GPT-5.5 Pro |
| Second review | Latest Claude Opus policy entry |
| Sensitive data interaction | Local private model |
The model names are policy defaults, not hard-coded API requirements. If a provider changes naming or availability, preserve the role: frontier coder, independent reviewer, or local-private model.
| Module | Use When |
|---|---|
data-boundary-policy |
Classifying context and deciding whether it can cross the external AI boundary. |
model-routing |
Choosing GPT-5.5, GPT-5.5 Pro, Claude Opus, or a local model. |
frontier-coding-workflow |
Building external-safe coding prompts from source and sanitized context. |
second-reviewer-workflow |
Independent Claude Opus review of generated code and risks. |
local-private-data-workflow |
Production data, government records, private logs, documents, and screenshots. |
private-context-index |
Minimal private repo/document context packs. |
synthetic-mock-generation |
Schema-shaped mocks for external debugging without real data. |
secure-code-integration |
Integration with Mirogate secure-code-skill-cascade. |
audit-evidence |
Route decisions, context classes, review evidence, tests, and residual risks. |
government-procurement-controls |
Public-sector/high-security delivery controls. |
incident-stop-rules |
Stop, contain, rotate, and restart safely after boundary violations. |
node scripts/compose.mjs --scenario hard-code-feature
node scripts/compose.mjs --scenario second-review
node scripts/compose.mjs --scenario production-db-debug
node scripts/compose.mjs --scenario government-document-analysis
node scripts/compose.mjs --scenario private-context-pack
node scripts/compose.mjs --scenario incident-hotfixThis is not a compliance certification, legal opinion, classified-system approval, or guarantee that a workflow is safe for every government or regulated environment. It is a practical engineering framework for keeping AI-assisted development fast while enforcing a hard data boundary.
Primary references:
- OpenAI latest model guidance: https://developers.openai.com/api/docs/guides/latest-model.md
- Anthropic model overview: https://docs.anthropic.com/en/docs/about-claude/models/overview
- NIST AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework
- NIST Generative AI Profile: https://www.nist.gov/publications/artificial-intelligence-risk-management-framework-generative-artificial-intelligence-profile
- OWASP Top 10 for LLM Applications: https://genai.owasp.org/llm-top-10/
- Mirogate secure-code-skill-cascade: https://mirogate.com/open-source/secure-code-skill-cascade/
Please report security issues to security@mirogate.com. See SECURITY.md.
