AI Usage Policy: OrbitTasks Engineering

This policy reflects what we learned in Workshop 5. It will evolve.

---

When AI tools are allowed without disclosure

• Autocomplete suggestions inside the IDE (e.g., Copilot, Cursor autocomplete) that you accept inline as part of writing code.
• AI-assisted research that informs your design but doesn't produce code that ships.
• Refactoring suggestions you fully review before applying.

When AI tools require disclosure in the PR

Disclose by adding the ai-assisted label and a one-line note in the PR description.

• AI-generated code blocks larger than ~10 lines.
• AI-generated test files, partial or whole.
• AI-generated documentation, READMEs, or changelogs.

When AI tools require an additional reviewer

Beyond the disclosure above, request review from a second teammate.

• AI-generated code in apps/api/src/services/auth.service.ts and other security-related modules.
• AI-generated changes to CI/CD workflows.
• AI-generated migrations or schema changes.

When AI tools are not appropriate

Never AI-generate these.

• Anything that handles user-submitted secrets or PII.
• License headers, attribution, or legal text.
• Commit messages or PR descriptions that misrepresent who did the work.

How we keep this policy current

• Reviewed quarterly. The most recent revision date is at the bottom of this file.
• Anyone on the team can open a PR against this policy.
• Major changes (additions or removals from any list above) require team agreement.

Why we have this policy at all

We use AI tools because they make the team faster. We have a policy because unmanaged AI use creates technical debt, security risk, and accountability gaps. The policy is short on purpose. It should not feel onerous.

---

Last reviewed: [date]Owner: [name / team]