Responsible AI Usage
AI coding assistants are powerful tools, not autonomous developers. They generate plausible code, but they do not understand anything, including architecture, business rules, or security implications. Treat AI output the same way you would treat code from an unfamiliar Stack Overflow answer: useful as a starting point, but never blindly trusted.
Guiding Philosophy
> There is nothing inherently good about automating code. Nor is there any inherent value in shipping a lot of it fast.
>
> Ed Zitron
- You are responsible for every line you commit. AI-generated code carries the same quality, security, and accessibility expectations as hand-written code.
- AI tools should fit into the development pipeline the same way any other tool or framework does: evaluated, configured, and governed.
- Understand the tool's actual capabilities rather than giving in to hype. These are sophisticated pattern-matching systems, not reasoning engines. They do not think. They do not understand. And they definitely do not care. Thinking, understanding, and caring remain solely the developer's responsibility.
Approved Uses
AI assistants should be used for:
- Boilerplate and scaffolding: Generating repetitive code patterns, starter templates, or block stubs.
- Documentation: Drafting in-code comments, diagrams, READMEs, and non-technical explanations.
- Test authoring: Writing comprehensive unit and integration tests. AI is particularly good at generating edge-case test scenarios.
- Refactoring suggestions: Identifying opportunities to simplify or modernize code.
- Learning and exploration: Explaining unfamiliar APIs, translating concepts, or exploring alternative approaches.
- Code review preparation: Running AI-assisted pre-reviews to catch obvious issues before requesting a human review.
Required Safeguards
When using AI-generated code, you must:
- Review every line. Read the generated code as carefully as you would read a colleague's PR. Understand what it does and why.
- Watch for silent rule-breaking. AI tools often disable linters, suppress warnings, or skip accessibility attributes to make code pass superficially. This is unacceptable.
- Keep AI-assisted PRs small. Large AI-generated changesets are nearly impossible to review meaningfully. Break work into reviewable units.
- Verify security. AI tools can introduce vulnerabilities like unsanitized inputs, insecure defaults, exposed secrets, or outdated dependency recommendations. It is critical that you stay alert to this.
- Test independently. Do not rely on AI-generated tests alone to validate AI-generated code. Verify behavior manually or write additional human-authored tests.
- Check licensing. AI tools may introduce code from open-source projects with incompatible licenses. While this is a difficult and complex issue not isolated to AI-based code, it can be intensified by these tools. Dependencies should be considered carefully. When in doubt, ask your lead.
Prohibited Practices
The following uses of AI are not permitted:
- Committing code you do not understand. If you cannot explain what the code does line by line, do not commit it.
- Using AI to bypass quality gates. Generated code that disables tests, linters, or accessibility checks is grounds for a reverted PR.
- Submitting unreviewed bulk-generated code. "AI wrote it" is not a valid response to review feedback.
- Pasting proprietary or sensitive data into AI tools that do not have an approved data processing agreement. Verify which tools are approved with your lead before use.
- Generating anything that impersonates users, clients, or stakeholders.
Accountability
- AI-generated code is subject to the same code-review process as all other code.
- If a bug or vulnerability is introduced by AI-generated code, the developer who committed it owns the fix.
- Teams should periodically audit AI-assisted PRs to identify patterns of over-reliance or recurring quality issues.
- Document which AI tool was used in the PR description when a significant portion of the change was AI-assisted.