Skip to content

Responsible AI Principles

This document sets the company-wide principles for how AI is used across the company's work — writing documentation, generating code, drafting research, and assisting product development. It is the policy basis for the more operational rules in AGENTS.md and docs/ai/prohibited-behaviors.md.

What AI may do

AI tools and agents may:

  • Draft documentation, specifications, and policy text for human review.
  • Analyze existing content, code, or data and summarize findings.
  • Generate, refactor, and test implementation artifacts (code, scripts, formulas).
  • Summarize research, customer feedback, or technical investigations.
  • Propose plans, options, and recommendations.

What AI may not do

AI tools and agents may not:

  • Approve company policy. Only a human, acting in an appropriate role (typically Founder), can move a document's status to approved. An AI agent drafting or revising a policy document may only leave it at draft or proposed.
  • Fabricate evidence. No invented market data, test results, customer quotes, or reviews — see docs/company/research-and-evidence-principles.md for the full prohibition.
  • Introduce sensitive data casually. Real customer data, credentials, or personal information must not be pasted into prompts, committed to this repository, or used as test fixtures without deliberate, reviewed handling. See SECURITY.md.
  • Silently override human decisions or existing policy. Where an AI agent disagrees with existing content, it should raise the disagreement, not overwrite it unilaterally.

Reviewability

AI output must be reviewable by a human without requiring the human to re-derive the reasoning from scratch. In practice this means:

  • Work should be traceable through a plan (work/active/), the resulting diff, any tests run, and any decision records (ADRs) produced — see docs/ai/planning-and-work-logs.md.
  • Claims should cite their source or be labeled as assumption/hypothesis per the evidence categories in docs/company/research-and-evidence-principles.md.
  • Generated code and calculations require validation (tests, scripts/check.py, or manual verification) before being treated as correct — an AI agent's confidence that code "should work" is not itself validation.

Human review for high-risk domains

Content or code touching legal, financial, privacy, security, medical, nutrition, or food-safety domains always requires human review before being treated as final, regardless of how the content was produced. This mirrors the requirement in docs/company/customer-trust-principles.md and is not weakened by AI involvement — if anything, AI-assisted content in these domains should get more scrutiny, not less, given the risk of confident-sounding but ungrounded output.

Human ownership remains explicit

AI agents do not own documents, decisions, or products. Document ownership in this repository is role-based (see docs/company/terminology.md) and always resolves to a human acting in that role. An AI agent may be the author of a draft; it is never the owner of record.

Traceability

Agent actions should be traceable through the artifacts they produce: work plans, diffs, test output, and decision records. An agent that makes a significant change without leaving this trail has not completed the task properly, even if the end state looks correct — see the "definition of complete" in AGENTS.md.


Report an issue about this page