Defining Delivery Rules

What delivery rules do

AIDD-17 does not prescribe a delivery process — it gives each project a place to define its own. The process can vary. The definitions must be explicit.

Purpose

Delivery rules explain how work moves from idea to accepted implementation. They tell humans and AI:

• how work is prepared
• when work is ready
• what AI may do
• what AI must not do
• who reviews work
• how work is accepted
• when documentation is updated

Core rule

Teams are free to choose their process. AI is not free to invent one.

What to define

A delivery rules section should define:

• delivery model
• refinement rules
• implementation slice rules
• AI usage rules
• review rules
• approval rules
• documentation update rules
• stop conditions

Examples

Three delivery models, each defined explicitly so AI knows what to follow.

One-day AI-assisted

Delivery model:
The project uses one-day AI-assisted implementation cycles.

Refinement:
Tomorrow's implementation slice is refined before the end of the current day.

Implementation:
AI may only implement the approved slice.

Review:
Human engineers review code, tests, architecture fit, and verification evidence.

Documentation:
Accepted implementation updates the AIDD-17 project definition when design or behaviour changes.

Stop condition:
AI must stop if the slice is missing behaviour, architecture, scope, or verification criteria.

Two-week Scrum sprint

Delivery model:
The project uses two-week Scrum sprints.

Refinement:
Backlog items must be mapped to AIDD-17 behaviours, features, and verification rules before sprint planning.

Implementation:
AI may only assist with items committed to the sprint.

Review:
Changes to authentication, payments, customer data, audit logging, or security rules require human architecture review.

Documentation:
Accepted changes update relevant AIDD-17 sections before sprint closure.

Regulated delivery

Delivery model:
The project uses stage-gated delivery.

Refinement:
Implementation slices must be linked to requirements, controls, architecture decisions, and verification evidence.

Implementation:
AI may draft code and tests but may not approve implementation.

Review:
Security and compliance review is required before merge.

Approval:
Production release follows the existing change-control process.

Stop condition:
AI must stop if a slice affects regulated data and no control mapping exists.

Delivery rules for AI

Include clear AI rules in the delivery section:

ai-delivery-rules.txt

AI may only work on the assigned implementation slice.

AI must not expand scope.

AI must not create new features.

AI must not alter architecture decisions.

AI must not modify authentication, authorization, payments, or customer data handling without explicit approval.

AI must list all assumptions.

AI must list all files changed.

AI must list all tests added or changed.

AI must stop when required information is missing.

Summary

Delivery rules keep AI-assisted work aligned with the team’s chosen way of working.

Caution

AIDD-17 does not lock teams into a process. It locks AI to the process the team has defined.