+1 to Paul's suggestion. Regards, Aman Mittal
On Sat, 13 Dec, 2025, 7:25 pm Paul, <[email protected]> wrote: > 👍 Great call, James > > Suggested basic starting AI policy points - > > Agree on highest level framework FIRST (3-5 points), things most everyone > agrees are critical, implement them. > Create sub-group to bring framework details piecemeal for up / down vote > from voting community until full policy exist to add one by one. > Target 4-6 months for initial complete policy. Brevity, practicality and > enforceability is more important than 100% coverage as they become models > for 100% full coverage that is supportable and maintainable. > Set review and update period (6, 9 months or annually), whatever group > thinks is actually supportable. > It should be a long term, calendared project, if community supports it. > Sometimes the raw changes in tech may force acceleration, make sure > flexibility is built into the AI governance plan and system.) > > Suggested minimum starting guidelines / policy framework. If widely > supported, up or down vote to implement THIS method and the 3-5 agreed > starting, practical and enforceable guidelines and set supportable > timelines for completing the policy one addition at a time. > > 1) Disallow more than one active PR under consideration. > 2) *Document the specific AI Agent or Model used, along with the extent > (all or part) of the coding suggestion integrated into the project.* > 3) Summary and *Intent: *Describe what the good does for non-coding > person and the intent. If AI suggestion described what / why it was used. > Example: Total solution, clean up your code, alternative to your code, etc. > This is useful for auditing and suitability analysis and Apache compliance. > 4) *AI coding and system MUST allow for human oversight, intervention, > and determination to prevent or minimize harm. AI should assist, but never > displace human responsibility.* > > *Paul Christison* > *Core Banking / Lending Compliance* > > > On Sat, Dec 13, 2025 at 3:08 AM James Dailey <[email protected]> wrote: > >> Hi Devs >> >> I’d like to propose we put together some guidance and policies within our >> Fineract community for AI assisted and AI generated code. Maybe this needs >> a vote at some point but for now I think it’s useful to discuss. Later I >> think it belongs at the level of coding and process guides. >> >> This is an active area of discussion within the broader open source >> movement and within each project of open source foundation. AI tooling is >> evolving much faster than copyright law and best practices can be written >> so our discussion isn’t a final destination. >> >> First it must be said, all contributors sign an ICLA (individual >> contributor license agreement), which is a legal document. It is required >> for Committers. This states that irrespective of the manner in which >> the PR was created- any auto completing IDE or whatever- the Contributor >> “owns it”. This is at the core of the current ASF policies for ai. Please >> review >> https://www.apache.org/legal/generative-tooling.html#approved-tools-list >> >> I’d like to suggest that we encourage good use of AI tools. For example, >> other >> projects at the ASF are reportedly using AI tools for test coverage. For >> us, this requires some Fineract and financial domain knowledge. >> >> We also have heard of examples of projects being bombarded by new “vibe >> coded” PRs. One way to deal with that is to disallow more than one active >> PR under consideration. >> >> See also >> https://vibe-coding-manifesto.com/. For other considerations. >> >> Thoughts? >> >> Thanks >> >> > > -- > -- > Paul >
