Definition of Done (AI Edition)
A structured checklist that augments the traditional Definition of Done for teams using AI code generation tools. Addresses AI-specific quality risks: review independence, test authenticity, documentation intent, and security coverage.
Syntax
scrum-master-ai
AI-Enhanced Definition of Done:
[ ] Code reviewed by a human who did not write it (applies regardless of AI involvement)
[ ] For AI-contributed code >30%: reviewer has read and understood the logic, not just the tests
[ ] At least one human-written test covers a non-obvious edge case
[ ] No test consists entirely of AI-generated mocks that mirror the implementation
[ ] Documentation includes the "why" — the decision rationale an AI would not know to capture
[ ] If AI generated documentation, a human who understood the feature has edited it
[ ] AI code handling user input, auth, or external APIs reviewed against OWASP Top 10
[ ] Prompt injection attack surfaces identified for any story involving LLM integration
[ ] Acceptance criteria verified by a human independent of the AI that generated the codeExample
scrum-master-ai
// Sprint retrospective action: update DoD after AI-generated code caused a production bug
previousDod: [
"Code reviewed by one team member",
"Unit tests written and passing",
"Documentation updated"
]
aiAugmentedDod: [
"Code reviewed by a team member who did not write it",
"Reviewer confirmed they understood the logic (not just that tests pass)",
"At least one human-authored edge case test",
"Documentation includes decision rationale, not just behavior description",
"OWASP review for any AI code touching security-sensitive paths"
]
discovery: "The bug was in AI-generated authentication logic. Tests passed. Reviewer approved. No human had read the logic."