docs: add AI usage policy for contributors

[derberg]

Description

Adds an AI usage policy for contributors:

• AI-POLICY.md — human authorship/accountability, contributor responsibilities, required Generated-by: disclosure, functions off-limits for automation, and consequences.
• PR template — AI-assistance section (Generated-by: line + "no AI" checkbox).
• verify-ai-disclosure workflow — checks each PR declares one of the two and comments with fix instructions when it doesn't.

AI assistance

• This PR was created with AI assistance — Generated-by: Claude Code (Opus 4.8)
• No AI assistance was used

Summary by CodeRabbit

• Documentation

  • Added an AI usage policy defining disclosure rules, contributor responsibilities, and permitted AI use
  • Updated contributing guidance, README, and PR template to require and explain AI-assistance disclosure

• Chores

  • Added an automated verification workflow that checks PR descriptions for proper AI-disclosure and flags non-compliant submissions

[changeset-bot]

⚠️ No Changeset found

Latest commit: 0f3b960

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[asyncapi-bot]

What reviewer looks at during PR review

The following are ideal points maintainers look for during review. Reviewing these points yourself beforehand can help streamline the review process and reduce time to merge.

1. PR Title: Use a concise title that follows our Conventional Commits guidelines and clearly summarizes the change using imperative mood (it means spoken or written as if giving a command or instruction, like "add new helper for listing operations")

   Note - In Generator, prepend feat: or fix: in PR title only when PATCH/MINOR release must be triggered.

2. PR Description: Clearly explain the issue being solved, summarize the changes made, and mention the related issue.

   Note - In Generator, we use Maintainers Work board to track progress. Ensure the PR Description includes Resolves #<issue-number> or Fixes #<issue-number> this will automatically close the linked issue when the PR is merged and helps automate the maintainers workflow.

3. Documentation: Update the relevant Generator documentation to accurately reflect the changes introduced in the PR, ensuring users and contributors have up-to-date guidance.

4. Comments and JSDoc: Write clear and consistent JSDoc comments for functions, including parameter types, return values, and error conditions, so others can easily understand and use the code.

5. DRY Code: Ensure the code follows the Don't Repeat Yourself principle. Look out for duplicate logic that can be reused.

6. Test Coverage: Ensure the new code is well-tested with meaningful test cases that pass consistently and cover all relevant edge cases.

7. Commit History: Contributors should avoid force-pushing as much as possible. It makes it harder to track incremental changes and review the latest updates.

8. Template Design Principles Alignment: While reviewing template-related changes in the packages/ directory, ensure they align with the Assumptions and Principles. If any principle feels outdated or no longer applicable, start a discussion these principles are meant to evolve with the project.

9. Reduce Scope When Needed: If an issue or PR feels too large or complex, consider splitting it and creating follow-up issues. Smaller, focused PRs are easier to review and merge.

10. Bot Comments: As reviewers, check that contributors have appropriately addressed comments or suggestions made by automated bots. If there are bot comments the reviewer disagrees with, react to them or mark them as resolved, so the review history remains clear and accurate.

[coderabbitai]

Ready to act? Review this PR in Change Stack to turn feedback into patch suggestions you can inspect and refine.

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1aae9b91-9740-4ee3-915e-dbd7d8738212

📥 Commits

Reviewing files that changed from the base of the PR and between 674ff01 and b5f3e66.

📒 Files selected for processing (2)

• .github/pull-request-template.md
• CONTRIBUTING.md

✅ Files skipped from review due to trivial changes (2)

• .github/pull-request-template.md
• CONTRIBUTING.md

---

📝 Walkthrough

Walkthrough

This PR establishes an AI disclosure policy and enforcement system: adds AI-POLICY.md, updates CONTRIBUTING.md and README, adds AI-assistance checkboxes to the PR template, and adds a GitHub Actions workflow that verifies PR disclosure and posts guidance or fails the check.

Changes

AI Disclosure Policy and Enforcement

Layer / File(s)	Summary
Policy definition and contributor guidance AI-POLICY.md, CONTRIBUTING.md, README.md	AI-POLICY.md defines AI usage scope, contributor responsibilities, disclosure requirements, and enforcement. CONTRIBUTING.md adds an "AI-Assisted Contributions" section with disclosure expectations and links to the full policy. README.md instructs contributors to review the AI usage policy.
PR template AI disclosure section .github/pull-request-template.md	PR template adds an "AI assistance" section with a policy link, instruction to check exactly one option, a Generated-by: placeholder for materially AI-assisted PRs, and a minor formatting change to the Related issue(s) HTML comment.
Automated CI disclosure verification .github/workflows/verify-ai-disclosure.yml	New verify-ai-disclosure workflow runs on PR lifecycle events, strips HTML comments, checks for the "No AI assistance" checkbox or a non-empty Generated-by: declaration, deletes prior failure comments for compliant PRs, posts/updates a failure comment for non-compliant PRs, and fails the workflow when disclosure is missing.

---

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title uses Conventional Commits format (docs:) in imperative mood and clearly summarizes the main change: adding an AI usage policy for contributors.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/verify-ai-disclosure.yml (1)

65-76: ⚡ Quick win

Enforce mutually exclusive declarations to match template intent.

Current logic accepts both “No AI assistance” and a non-empty Generated-by, but the template requires exactly one declaration. Consider failing when both are present and guiding the author to choose one.

Suggested fix

-            if (noAiChecked || hasGeneratedBy) {
+            if (noAiChecked && hasGeneratedBy) {
+              const conflictMessage = [
+                MARKER,
+                '### ⚠️ Conflicting AI-assistance disclosure',
+                '',
+                'Please choose exactly one option:',
+                '- either check **"No AI assistance was used"**',
+                '- or provide a non-empty `Generated-by:` declaration.',
+              ].join('\n');
+              if (existing) {
+                await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body: conflictMessage });
+              } else {
+                await github.rest.issues.createComment({ owner, repo, issue_number, body: conflictMessage });
+              }
+              core.setFailed(`Conflicting AI-assistance disclosure. See ${policyUrl}`);
+              return;
+            }
+
+            if (noAiChecked || hasGeneratedBy) {
               core.info(
                 hasGeneratedBy
                   ? `AI assistance disclosed: Generated-by: ${generatedByValue}`
                   : 'Declared: no AI assistance used.'
               );

Also applies to: 93-100

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/verify-ai-disclosure.yml around lines 65 - 76, Update the
acceptance logic so the declarations are mutually exclusive: replace the current
if check that allows noAiChecked OR hasGeneratedBy with an exclusive condition
that requires exactly one to be true (XOR between noAiChecked and
hasGeneratedBy); if both are present (noAiChecked && hasGeneratedBy) treat it as
a failure path that posts/retains a guidance comment instructing the author to
choose either “No AI assistance” or a single non-empty Generated-by value (use
generatedByValue for the message) and do not delete existing failure comments;
apply the same XOR enforcement change to the duplicate block that currently
mirrors this logic (the block around the later occurrence referenced in the
review).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@AI-POLICY.md`:
- Around line 41-44: The fenced code block containing the lines "Generated-by:
Claude Code 1.x" and "Generated-by: GitHub Copilot" is missing a language tag
and triggers markdownlint MD040; update the opening fence (the triple backticks
before those lines) to include a language identifier such as text (i.e., change
``` to ```text) so the block is properly tagged and linting passes.

---

Nitpick comments:
In @.github/workflows/verify-ai-disclosure.yml:
- Around line 65-76: Update the acceptance logic so the declarations are
mutually exclusive: replace the current if check that allows noAiChecked OR
hasGeneratedBy with an exclusive condition that requires exactly one to be true
(XOR between noAiChecked and hasGeneratedBy); if both are present (noAiChecked
&& hasGeneratedBy) treat it as a failure path that posts/retains a guidance
comment instructing the author to choose either “No AI assistance” or a single
non-empty Generated-by value (use generatedByValue for the message) and do not
delete existing failure comments; apply the same XOR enforcement change to the
duplicate block that currently mirrors this logic (the block around the later
occurrence referenced in the review).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d63dfab8-6028-4323-880e-a429eb84b651

📥 Commits

Reviewing files that changed from the base of the PR and between 09f31e8 and 9dc703b.

📒 Files selected for processing (5)

• .github/pull-request-template.md
• .github/workflows/verify-ai-disclosure.yml
• AI-POLICY.md
• CONTRIBUTING.md
• README.md

[Adi-204]

@derberg love it! only left one comment

[Adi-204]

@derberg I can't merge the PR needs your or other maintainer review.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud