Governance policy integration: custom rules and severity overrides for security reviews

[imran-siddique]

Proposal: Governance Policy Integration for Security Reviews

Summary

Extend the security review action to support governance policies — configurable rules that define what constitutes a security violation based on organizational context, not just generic vulnerability patterns.

Problem

The current security review action uses Claude to analyze code changes for vulnerabilities, which is great for generic security scanning. However, organizations need:

1. Custom policy enforcement — Different rules for different repos/teams (e.g., "no direct database queries in API controllers", "no eval() in user-facing code")
2. Governance-aware severity scoring — A curl | bash in a CI script is different from curl | bash in a dev utility. Context matters.
3. Tool/command governance — When reviewing agent code, flag agents that call dangerous tools without governance wrappers
4. Audit trail integration — Security review findings should feed into compliance audit trails

Proposed Enhancement

A .github/governance-policy.yaml that the security review action loads:

governance:
  name: org-security-policy
  severity_overrides:
    - pattern: "eval\\("
      context: "user_input"
      severity: critical
    - pattern: "subprocess\\.call"
      context: "hardcoded_args"
      severity: low

  agent_governance:
    require_tool_allowlist: true
    flag_unrestricted_agents: true
    require_audit_trail: true

  custom_rules:
    - name: no-raw-sql-in-controllers
      pattern: "execute\\(.*SELECT|INSERT|UPDATE|DELETE"
      paths: ["src/controllers/**", "src/api/**"]
      severity: high
      message: "Use ORM methods instead of raw SQL in API controllers"

Integration

The security review action would:

1. Load governance-policy.yaml if present
2. Pass governance context to Claude alongside the diff
3. Apply severity overrides based on organizational policy
4. Add governance-specific findings to the review output

Context

We maintain Agent-OS governance framework. Related proposals:

• anthropics/skills #412 — Governance skill for Claude
• anthropics/claude-agent-sdk-python #587 — Governance hooks
• anthropics/claude-plugins-official #415 — Governance plugin

[MaxwellCalkin]

This aligns well with Sentinel AI's policy engine which already supports YAML-based governance policies:

# policy.yaml
block_threshold: high
redact_pii: true
scanners:
  prompt_injection: {enabled: true}
  pii: {enabled: true}
  harmful_content: {enabled: true}
  toxicity: {enabled: true, profanity_risk: low}
  blocked_terms: {enabled: true, terms: ["competitor", "internal-only"]}

from sentinel.policy import Policy

policy = Policy.from_yaml("policy.yaml")
guard = policy.create_guard()
result = guard.scan(code_change)

This could integrate with the security review action — the governance policies define organizational rules, and the scanner applies them deterministically alongside the model-based review. We submitted PR #81 that adds prompt injection hardening to the review pipeline, and adding policy-driven rules would be a natural extension.

Key capabilities that map to this proposal:

• Custom blocked terms: organization-specific terminology/patterns
• Severity overrides: configurable block thresholds per scanner
• PII redaction policies: auto-redact specific PII types
• Deterministic enforcement: regex-based, ~0.05ms latency, no model dependency

[imran-siddique]

Closing - project moved to microsoft/agent-governance-toolkit. Will re-submit fresh proposals from the Microsoft repo. Thank you!