This document outlines the guidelines and requirements for contributions that involve AI-generated code in the OpenJCEPlus project. We welcome the use of AI tools to enhance productivity and code quality, while maintaining strict standards for validation and legal compliance.
AI-generated code is permitted throughout the codebase with proper validation. All AI-assisted contributions must follow the guidelines outlined in this document to ensure code quality, security, and legal compliance.
APPROVED AI TOOL: At this time, only Bob is approved for use in this project. Use of other AI tools is not permitted.
While we embrace AI assistance, contributors must ensure:
- Security: All code, especially cryptographic implementations, must be thoroughly reviewed and tested
- Compliance: Code must be compatible with our project licenses and standards
- Legal Protection: AI-generated code must not reproduce copyrighted or improperly licensed code
- Maintainability: Code must be clear, well-documented, and understandable by human maintainers
- Accountability: Contributors remain fully responsible for all submitted code, regardless of how it was generated
Bob may be used for:
- Cryptographic implementations (with rigorous validation and testing)
- Test code and test utilities
- Build scripts and automation
- Documentation generation and improvement
- Code refactoring and optimization
- Bug fixes and enhancements
- Native interface code (JNI implementations)
- Any code in the project
Before submitting any AI-generated code, you MUST:
- Ensure the code is not copyrighted or licensed outside our project's license
- Check that the code doesn't reproduce proprietary implementations
- Confirm Bob's terms of service allow commercial use and redistribution
- Verify no patent or trademark violations
- Thoroughly understand all AI-generated code before submitting
- Test extensively across all supported platforms
- Verify it follows project coding standards (../style.xml for Java, .clang-format for C)
- Ensure it doesn't introduce security vulnerabilities
- For cryptographic code: verify against known test vectors and standards
- Review for common vulnerabilities (buffer overflows, injection attacks, etc.)
- Ensure proper error handling and input validation
- Ensure all existing tests pass
- Add appropriate test coverage for new functionality
- Verify the code works across all supported platforms:
  - Linux (aarch64, amd64, s390x, ppc64le)
  - Windows (amd64)
  - AIX (ppc64)
  - Mac OS X (aarch64, amd64)
  - z/OS
- Run performance benchmarks if applicable
Pull requests containing AI-generated code will undergo thorough review:
- CI/CD pipeline must pass all tests
- Code style checks must pass (../checkstyle.xml for Java, .clang-format for C)
- All platforms must build successfully
- Verify that only Bob was used (no other AI tools)
- Legal compliance will be assessed
- Code quality and correctness will be evaluated
- Security implications will be carefully reviewed
- For cryptographic code: additional scrutiny for correctness and standards compliance
- Ensure all code is properly documented
- Verify code follows project documentation standards
- ✅ Use Bob to enhance productivity and code quality
- ✅ Thoroughly understand and review all Bob-generated code
- ✅ Test extensively on all supported platforms
- ✅ Verify cryptographic implementations against standards and test vectors
- ✅ Follow project coding standards and conventions
- ✅ Add comprehensive test coverage
- ✅ Document your code clearly
- ❌ Copy-paste Bob code without understanding it
- ❌ Use any AI tool other than Bob
- ❌ Assume Bob-generated code is correct without verification
- ❌ Skip testing on any supported platform
- ❌ Submit code that violates licenses or copyrights
- ❌ Ignore security warnings or vulnerabilities
- ❌ Forget to validate cryptographic implementations
When using Bob for cryptographic implementations:
- Test Vectors: Validate using known test vectors from standards documents
- Side-Channel Resistance: Review for timing attacks and other side-channel vulnerabilities
- Error Handling: Ensure proper error handling that doesn't leak sensitive information
- Memory Management: Verify proper cleanup of sensitive data
- Peer Review: Cryptographic code should receive additional review from security experts
Failure to follow these guidelines may result in:
- Pull request rejection
- Request to remove code generated by unauthorized AI tools
- Delays in code review and acceptance
- In severe cases, contributor access restrictions
If you discover:
- Use of unauthorized AI tools (anything other than Bob)
- Potential license violations
- Security vulnerabilities in AI-generated code
- Code that doesn't meet project standards
Please report it immediately by:
- Opening an issue in the project repository
- Contacting project maintainers directly
- Following our security policy for security issues
If you're unsure whether your use of Bob complies with these guidelines:
- Ask in the pull request comments before submitting
- Remember: only Bob is approved - do not use other AI tools
- Consult with project maintainers
- Review this document and related project policies
This policy may be updated as AI tools and best practices evolve. Contributors are responsible for staying current with the latest version of this document. Check the git history of this file for recent changes.
- Bob - IBM's AI Assistant
- Project License
- Notices and Attributions
- Security Policy
- Java Style Guide
- C Style Guide
- Contributing Guidelines
Remember: AI is a tool to enhance your work, not replace your responsibility. You remain fully accountable for all code you submit, regardless of how it was generated. When in doubt, ask!