AI coding assistant policy

Set clear rules before AI coding assistants spread across the team.

This policy preview sets out the decisions engineering leaders need to make before AI-assisted delivery spreads across teams. The implementation-ready policy starter is included in the Starter Kit.

Policy decisions

What an AI coding assistant policy should cover

Allowed use

Define which assistants, repositories, data types, and task categories are approved.

Required review

Set expectations for human review, verification, product acceptance, and release ownership.

Prohibited actions

Prevent unsafe handling of secrets, customer data, production actions, dependencies, and infrastructure.

Policy sections

What leadership needs to decide

Approved tools

List allowed assistants, account types, data boundaries, and repository access rules.

Data handling

Define what developers may paste into tools and what must stay out of prompts.

Review gates

Set which changes need product, engineering, security, QA, or operations approval.

Evidence

Define what the team must record before AI-assisted changes ship.

FAQ

Policy questions

What should an AI coding assistant policy include?

It should include approved use, prohibited use, data handling, review requirements, test expectations, security gates, dependency rules, and evidence requirements.

Should every AI-assisted PR disclose assistant use?

For material code, configuration, architecture, dependency, or release changes, disclosure helps reviewers understand what evidence to look for.

Who owns AI-generated code?

The human team owns the shipped result. Assistants generate candidate work, but people remain accountable for correctness, safety, compliance, and customer impact.
