AI CODING CONTROL-PLANE CHECKLIST (ONE-REPO PILOT)

Goal
Stand up an AI-assisted coding workflow that produces reviewable PRs with minimal blast radius, strong CI evidence, and an audit trail.

Scope (choose one)
- A single service repo with good tests, or
- An internal tool repo, or
- A library repo with clear APIs
Avoid auth/payments/core infra for the first pilot.

Week 1 — Boundaries

1) Permissions
- Use least-privilege credentials (prefer GitHub App or fine-grained tokens).
- Start read-only access for discovery; require manual step to open PRs.
- Add path rules: define directories the AI may touch vs. forbidden zones.

2) Data handling
- Confirm vendor settings for data retention and training controls.
- Decide what content is prohibited in prompts (secrets, customer data, incident details).

Week 2 — CI as the authority

3) Deterministic checks
- Ensure lint and unit tests run on every PR.
- Add at least one security-oriented check (dependency scan or secret scan) already used in your org.
- Require green CI before review.

4) PR shape requirements
- Enforce small PRs (one change theme per PR).
- Require a PR template section: “What changed / Why / How tested”.
- Require links to files and functions touched.

Week 3 — Review and audit

5) Review gates
- Require CODEOWNERS or equivalent approval for sensitive paths.
- Require a human reviewer for every AI-authored PR.
- Forbid direct-to-main pushes by any automation.

6) Audit trail
- Store prompts/tool calls (or at minimum: summary + rationale) with the PR.
- Ensure commit attribution is clear (bot account vs human).
- Keep CI run logs accessible for later incident review.

Week 4 — Failure-mode drills

7) Run two drills
- Drill A: Ask the AI to refactor a module and verify it doesn’t cross forbidden paths.
- Drill B: Ask it to update a dependency; verify security checks and review gates behave as expected.

8) Decide keep/change/kill
- Keep if PRs are consistently reviewable and CI evidence is strong.
- Change if PRs are too large, tests are missing, or permissions are too broad.
- Kill if you can’t get a clean audit trail or least privilege.

Operating rules (non-negotiable)
- AI suggests; CI decides; humans approve.
- No secrets in prompts.
- No merge without a failing-then-passing test signal for bug fixes.

Deliverable
By day 30 you should have: (1) a constrained permission model, (2) PR + CI gates, (3) an audit trail, and (4) a clear view of where your SDLC needs tightening.
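
Added example (not part of the original checklist): one way to turn the path rules from step 1 into the deterministic CI check that Drill A exercises, by reading a PR's changed-file list and reporting every path that is forbidden or not allowlisted. The directory names, patterns and sample diff are hypothetical and constructed for illustration; substitute the pilot repo's own.

```python
import fnmatch
import posixpath

# Assumed policy (hypothetical paths). Forbidden wins over allowed, and any
# path not explicitly allowed is denied. fnmatch's "*" also matches "/", so
# "src/reports/*" covers nested directories.
ALLOWED = ["src/reports/*", "tests/reports/*", "docs/*"]
FORBIDDEN = [".github/*", "src/auth/*", "infra/*", "CODEOWNERS", "*.pem"]

def parse_name_status(diff_text):
    """Return every path named in `git diff --name-status` output."""
    paths = []
    for line in diff_text.splitlines():
        fields = line.split("\t")
        if len(fields) >= 2:
            # Rename/copy lines carry two paths (old, new); check both so a
            # file cannot be moved out of a forbidden zone unnoticed.
            paths.extend(fields[1:])
    return paths

def matches(path, patterns):
    return any(fnmatch.fnmatchcase(path, p) for p in patterns)

def violations(diff_text, allowed=ALLOWED, forbidden=FORBIDDEN):
    """List (path, reason) pairs that should fail the PR check."""
    found = []
    for raw in parse_name_status(diff_text):
        path = posixpath.normpath(raw)  # collapse "a/../b" before matching
        if posixpath.isabs(path) or path.split("/")[0] == "..":
            found.append((raw, "outside repo"))
        elif matches(path, forbidden):
            found.append((raw, "forbidden zone"))
        elif not matches(path, allowed):
            found.append((raw, "not in allowlist"))
    return found

# Constructed sample of `git diff --name-status base...head` for a bot PR.
SAMPLE = "\n".join([
    "M\tsrc/reports/export.py",
    "A\ttests/reports/test_export.py",
    "R100\tsrc/auth/session.py\tsrc/reports/session.py",
    "M\t.github/workflows/ci.yml",
    "M\tsrc/billing/invoice.py",
])

if __name__ == "__main__":
    for path, reason in violations(SAMPLE):
        print(f"BLOCK {path}: {reason}")
```

In CI, feed the function the real diff output for the PR and fail the job when the returned list is non-empty; keeping the policy file itself under a forbidden path prevents the automation from editing its own rules.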