Definition of Done (AI Edition)

A structured checklist that augments the traditional Definition of Done for teams using AI code generation tools. Addresses AI-specific quality risks: review independence, test authenticity, documentation intent, and security coverage.

Syntax

scrum-master-ai
AI-Enhanced Definition of Done:

[ ] Code reviewed by a human who did not write it (applies regardless of AI involvement)
[ ] For AI-contributed code >30%: reviewer has read and understood the logic, not just the tests
[ ] At least one human-written test covers a non-obvious edge case
[ ] No test consists entirely of AI-generated mocks that mirror the implementation
[ ] Documentation includes the "why" — the decision rationale an AI would not know to capture
[ ] If AI generated documentation, a human who understood the feature has edited it
[ ] AI code handling user input, auth, or external APIs reviewed against OWASP Top 10
[ ] Prompt injection attack surfaces identified for any story involving LLM integration
[ ] Acceptance criteria verified by a human independent of the AI that generated the code

Example

scrum-master-ai
// Sprint retrospective action: update DoD after AI-generated code caused a production bug

previousDod: [
  "Code reviewed by one team member",
  "Unit tests written and passing",
  "Documentation updated"
]

aiAugmentedDod: [
  "Code reviewed by a team member who did not write it",
  "Reviewer confirmed they understood the logic (not just that tests pass)",
  "At least one human-authored edge case test",
  "Documentation includes decision rationale, not just behavior description",
  "OWASP review for any AI code touching security-sensitive paths"
]

discovery: "The bug was in AI-generated authentication logic. Tests passed. Reviewer approved. No human had read the logic."