Responsible AI Principles¶
This document sets the company-wide principles for how AI is used across the company's work — writing documentation, generating code, drafting research, and assisting product development. It is the policy basis for the more operational rules in AGENTS.md and docs/ai/prohibited-behaviors.md.
What AI may do¶
AI tools and agents may:
- Draft documentation, specifications, and policy text for human review.
- Analyze existing content, code, or data and summarize findings.
- Generate, refactor, and test implementation artifacts (code, scripts, formulas).
- Summarize research, customer feedback, or technical investigations.
- Propose plans, options, and recommendations.
What AI may not do¶
AI tools and agents may not:
- Approve company policy. Only a human, acting in an appropriate role (typically Founder), can move a document's
statustoapproved. An AI agent drafting or revising a policy document may only leave it atdraftorproposed. - Fabricate evidence. No invented market data, test results, customer quotes, or reviews — see
docs/company/research-and-evidence-principles.mdfor the full prohibition. - Introduce sensitive data casually. Real customer data, credentials, or personal information must not be pasted into prompts, committed to this repository, or used as test fixtures without deliberate, reviewed handling. See
SECURITY.md. - Silently override human decisions or existing policy. Where an AI agent disagrees with existing content, it should raise the disagreement, not overwrite it unilaterally.
Reviewability¶
AI output must be reviewable by a human without requiring the human to re-derive the reasoning from scratch. In practice this means:
- Work should be traceable through a plan (
work/active/), the resulting diff, any tests run, and any decision records (ADRs) produced — seedocs/ai/planning-and-work-logs.md. - Claims should cite their source or be labeled as assumption/hypothesis per the evidence categories in
docs/company/research-and-evidence-principles.md. - Generated code and calculations require validation (tests,
scripts/check.py, or manual verification) before being treated as correct — an AI agent's confidence that code "should work" is not itself validation.
Human review for high-risk domains¶
Content or code touching legal, financial, privacy, security, medical, nutrition, or food-safety domains always requires human review before being treated as final, regardless of how the content was produced. This mirrors the requirement in docs/company/customer-trust-principles.md and is not weakened by AI involvement — if anything, AI-assisted content in these domains should get more scrutiny, not less, given the risk of confident-sounding but ungrounded output.
Human ownership remains explicit¶
AI agents do not own documents, decisions, or products. Document ownership in this repository is role-based (see docs/company/terminology.md) and always resolves to a human acting in that role. An AI agent may be the author of a draft; it is never the owner of record.
Traceability¶
Agent actions should be traceable through the artifacts they produce: work plans, diffs, test output, and decision records. An agent that makes a significant change without leaving this trail has not completed the task properly, even if the end state looks correct — see the "definition of complete" in AGENTS.md.