AI Policy

The goal of this policy is to empower developers to use Artificial Intelligence (AI) and Large Language Models (LLMs) to increase velocity, automate boilerplate, and solve complex problems while maintaining the security, integrity, and intellectual property of the company.

Approved Tooling

Public/Free Tools

Use of free or public AI models (any service whose provider may use submitted prompts or data for training) is strictly prohibited for any task involving proprietary code, internal documentation, or customer data.

Data Privacy & Security

To prevent accidental data leaks, the following "Never-Paste" rules apply to all AI interactions:

  • No PII: Never input Personally Identifiable Information (customer names, emails, addresses).

  • No Secrets: Never input API keys, database credentials, or environment variables.

  • No Core IP: Avoid pasting sensitive proprietary algorithms or unique business logic. If debugging is needed, "sanitize" the snippet by using generic variable names and removing context that identifies the project.

Code Quality & Accountability

AI is a tool for assistance, not a replacement for engineering judgment.

  • Human-in-the-Loop: The developer who commits code is 100% responsible for its correctness, security, and performance. AI-generated code must be read and understood, not just "tabbed" into existence.

  • Mandatory Testing: All AI-assisted logic must be covered by automated tests. AI can be used to help write these tests, but they must pass in the local and CI/CD environments.

  • Security Scanning: All code, regardless of origin, must pass existing linting and static analysis (SAST) checks.

Accountability & Verification

  • The "Author" Standard: The developer who submits a Pull Request is the legal and technical "author" of the code. "The AI wrote it" is not an acceptable justification for bugs or security flaws.

  • Execution Requirement: Never commit AI-generated code that has not been executed in a local development environment.

  • Human-Readable Requirement: If a developer cannot explain exactly what an AI-generated function does during a code review, that code cannot be merged.

Best Practices for Productivity

Developers are encouraged to use AI for the following high-value tasks:

  • Boilerplate Generation: Creating repetitive structures, such as Data Transfer Objects (DTOs) or basic CRUD controllers.

  • Refactoring & Explanation: Asking the AI to explain complex legacy functions or suggest more idiomatic ways to write a block of code.

  • Documentation: Generating initial drafts for READMEs, inline comments, and API documentation.

  • Translation: Converting logic between different programming languages or frameworks.

Transparency

PR Acknowledgement

If a significant portion of a Pull Request (e.g., >50%) was generated by AI, it is best practice to note this in the description to alert reviewers to pay closer attention to edge cases.