AI delivery path

AI Coding Governance Hub

A practical path for using specs, prompts, risk registers, and evidence gates to keep AI-assisted coding reviewable.

Open templates Browse resources

Last updated: May 6, 2026

Start Here

Govern the prompt

Prompts should carry allowed scope, forbidden files, acceptance criteria, and the evidence expected before merge.

Open governance guide

Register AI-specific risk

Generated code can expand scope, miss migration safety, weaken permissions, or add unreviewed abstractions. Track it before merge.

Use risk register

Require test evidence

A green diff is not proof. Attach tests, logs, screenshots, rollback notes, and unresolved assumptions to the PR.

Open evidence gates

Decision Matrix

Stage	Example	Review value
Prompt boundary	Allowed files, non-goals, APIs that may not change	Blocks scope drift
Risk register	Auth, data, migration, concurrency, contract, observability, rollback	Makes generated-code risk visible
Evidence gate	Tests, logs, screenshots, reviewer notes, rollback trigger	Turns PR review into behavior verification

Copy-Ready Block

# AI coding review packet

Allowed scope:
- Files:
- Behaviors:
- APIs that must not change:

Acceptance mapping:
- Criterion 1 -> test/log/evidence:
- Criterion 2 -> test/log/evidence:

AI risk register:
- Scope drift:
- Permission risk:
- Data or migration risk:
- Rollback risk:

Human approval:
- Owner:
- Sign-off condition:

How to Use This Hub Before AI-Generated Code Reaches Review

Use this hub when AI is allowed to draft code, tests, or specs, but the team still needs accountable delivery. The important control is not the model name. It is whether the prompt carries a written scope, whether the generated diff stays inside that scope, and whether reviewers receive evidence instead of confidence.

Start by writing the allowed change set before opening the assistant: files, public contracts, data writes, test expectations, and non-goals. Then require the generated output to map back to the acceptance criteria. If a diff changes behavior that the spec did not mention, treat it as scope expansion, even when the code looks useful.

The review step should be stricter for AI-generated work that touches permissions, migrations, billing, API responses, background jobs, or rollback paths. These are the places where plausible code hides the most expensive mistakes. Evidence should be attached before merge, not promised as a follow-up.

Review Rubric

Check	Pass condition
Prompt boundary	Allowed files, behaviors, and non-goals are explicit.
Traceability	Each changed behavior maps to a spec or acceptance criterion.
Risk register	Auth, data, migration, contract, and rollback risks are named.
Evidence gate	Tests, logs, and manual checks are present before merge.
Human owner	Scope and risk acceptance have a named human approver.

Failure Modes to Watch

The assistant is asked to “clean up while you are there.”
Generated tests only prove the generated implementation, not the original behavior requirement.
A risky file changes without a rollback note.
Reviewers approve the PR because the diff looks tidy, not because evidence maps to criteria.

Owner Handoff

The handoff artifact should travel with the PR: prompt boundary, acceptance mapping, risk register, test evidence, and human sign-off. That gives incident reviewers a trail when a generated change behaves differently in production.

Example AI Review Gate

A typical AI-assisted change begins with a prompt such as “add workspace admin bulk disable.” The governance pass should turn that into allowed files, forbidden public API changes, permission rules, audit events, and test evidence. The assistant can draft code, but it should not decide whether suspended users keep API tokens or whether disabling one account cascades to invited seats.

The reviewer should compare the diff with the prompt boundary before reading style. If the assistant edited files outside scope, added a new abstraction, or changed response shape without approval, the PR needs a new spec decision. This is how the team keeps AI useful without letting the tool quietly become the product owner.

Real Scenario Breakdown: AI PR Scope Drift

A common AI failure is not a syntax error. It is a plausible extra refactor that changes behavior outside the approved spec. The governance packet should make that visible before merge.

Diff finding	Risk	Review action
New helper added outside allowed files	Unreviewed abstraction changes shared behavior	Remove or reopen spec with owner approval
API response shape changed	Client contract drift	Require API compatibility review before merge
Tests assert implementation details only	False confidence	Add acceptance-level test that fails when behavior is removed
Rollback note missing	Generated change cannot be safely unwound	Block until rollback trigger and owner are named

Quick Audit Checklist

Before treating this hub as complete for a real team, run a short audit. First, confirm the reader can leave the page with one artifact copied into their workflow. Second, confirm every linked article answers a different question instead of repeating the same definition. Third, confirm the page names a failure mode that would matter in production, not only during planning.

The most useful hubs behave like workbenches. A reader should be able to open the page, choose the relevant path, copy the block, and know what evidence to attach before review. If a hub only explains the topic, it becomes another article. If it helps the reader decide what to do next, it becomes a resource.

AI Coding Governance Articles

How to Write AI Coding Prompts That Follow Your Spec

Give AI tools scope, forbidden changes, acceptance criteria, and evidence expectations before generation starts.

Read article

AI Coding Governance with Spec-Driven Prompts

Define the prompt boundary, audit trail, and review path that make AI output checkable.

Read article

AI Coding Risk Register Before Merge

Track the risks generated code will not flag: auth, data, contracts, migrations, rollback, and observability.

Read article

AI Coding with Test-Evidence Gates

Require meaningful test evidence before generated code reaches production.

Read article

AI Coding PR Review with Acceptance Criteria

Map generated diffs to acceptance criteria and block extra scope.

Read article

Quality Gates for AI-Assisted Development Specs

Use pre-prompt checks, diff review, evidence verification, and human sign-off.

Read article

API Change Management for AI-Generated Clients

Govern API compatibility when downstream code may be generated from stale or incomplete specs.

Read article

Designing API Specs for Agentic Clients

Write specs for LLM-driven callers that need explicit safety, idempotency, and dry-run guidance.

Read article

FAQ

Is this about blocking AI tools?

No. It is about making AI output reviewable by giving the tool a written scope and requiring evidence before generated code reaches production.

What should always stay human-owned?

Scope approval, compatibility decisions, risk acceptance, rollback authority, and final release sign-off should have named human owners.

What belongs in an AI coding spec packet?

Include the allowed files, task boundary, acceptance criteria, contracts, test commands, forbidden changes, and the evidence required before review.

How should an AI-generated pull request be reviewed?

Compare the diff against the spec, run the required tests, check for extra scope, inspect risky branches, and require evidence for every acceptance criterion.

Which changes need extra governance?

Use tighter review for authentication, payments, data migrations, privacy, permissions, destructive actions, and any change with rollback or compliance risk.

When you need to use this today, open a template first, then come back to this hub for review and evidence checks.

Open template library Browse all articles