Skip to content

AI-Use Plan

LMU/COICP Example

AI-Use Plan Example

Define how AI may assist LMU/COICP implementation while preserving engineering responsibility, code review, access-control verification, evidence behavior, AI-output boundaries, and AI Incident Summary disablement.

ES-106 / ES-107 AI Use Engineering Control

Example purpose

This artifact defines how AI may be used during implementation.

AI may assist the engineering process, but it does not replace review, verification, or accountability. Engineers remain responsible for correctness, security, maintainability, evidence behavior, and scope control.

Project

LMU Campus Operations and Incident Coordination Platform

Document control

Field Value
Artifact owner AI reviewer
Primary reviewers COICP Product Engineer, Architecture Review Board chair, IT security reviewer, Compliance reviewer
Status Accepted for ES-106 readiness baseline
Last updated 2026-07-06
Related Engineering Stage ES-106 — Implementation Readiness
Project workspace target docs/project-workspace/implementation/ai_use_plan.md

Implementation context

Field Value
Source design package ES-105 Design
Implementation readiness stage ES-106 — Implementation Readiness
Controlled implementation stage ES-107 — Controlled Implementation
Implementation baseline produced LMU-COICP-IMPL-001
Integrated baseline expected next LMU-COICP-INT-001
Candidate expected after testing LMU-COICP-RC-001
Downstream release posture Internal engineering review only
Planned downstream review environment LMU-COICP Internal Engineering Review Environment
Planned downstream dataset Spring Semester Synthetic Incident Dataset
AI Incident Summary Deferred / disabled
Operational pilot Not approved

AI use position

AI may assist implementation by drafting code, suggesting tests, reviewing edge cases, critiquing implementation plans, and drafting documentation updates.

AI may not replace engineering review or final responsibility.

Allowed AI assistance

  • Generate draft code for low-risk structures.
  • Suggest test cases.
  • Identify edge cases.
  • Review code for clarity.
  • Draft documentation updates.
  • Compare implementation approaches.
  • Suggest failure paths.
  • Help trace work items back to design artifacts.
  • Critique implementation decisions against guardrails.

Prohibited AI assistance

  • Accepting generated code without review.
  • Generating access-control logic without human verification.
  • Generating AI-summary handling without human review of safety boundaries.
  • Introducing new dependencies without engineering approval.
  • Expanding scope beyond ES-105 design.
  • Removing evidence event creation for convenience.
  • Weakening role-based access.
  • Creating official AI-summary behavior without human acceptance.
  • Treating generated tests as sufficient without engineer inspection.
  • Suggesting operational pilot paths during implementation.

High-risk AI areas

Area Risk Required Review
Access control Unauthorized access IT security reviewer
Evidence events Lost auditability Architecture Review Board chair
AI draft summary Unreviewed AI output as official record AI reviewer
Error handling Silent failures COICP Product Engineer
Data model Retention or sensitive data issues Compliance reviewer
Status transitions Invalid workflow state COICP Product Engineer
Emergency-boundary behavior COICP mistaken for emergency workflow Campus Safety liaison
Review/export behavior Evidence leakage IT security reviewer

AI-generated code review rules

  • Reviewer must understand generated code.
  • Reviewer checks traceability to design.
  • Reviewer checks guardrails.
  • Reviewer checks tests or verification.
  • Reviewer rejects code that bypasses evidence, access control, emergency boundaries, or human review.
  • Reviewer confirms generated code does not introduce new scope or dependencies.
  • Reviewer records material AI assistance in PR or AI Assistance Log.

Engineer responsibility statement

AI may assist implementation, but engineers remain responsible for correctness, security, maintainability, safety boundaries, and evidence.
AI Implementation Rule

AI output is never accepted because it looks plausible. It is accepted only after a qualified engineer verifies it against requirements, design, guardrails, tests, and repository evidence.

Continue to Verification Precheck

Define required checks before and during implementation.

Open Verification Precheck →