Repository-level AI Policy File (AI-POLICY.txt) for Client Compliance

[denniscoorn-paqt]

We work with multiple clients who have different contractual requirements about AI code generation. Some clients explicitly prohibit AI coding agents due to NDAs, regulatory compliance, or IP concerns. Others actively encourage it.

Currently, there's no way to signal these restrictions at the repository level before Gemini CLI starts operating. This creates risk:

• Developers accidentally use Gemini CLI in repos where clients contractually prohibit AI
• No audit trail when violations occur
• All-or-nothing approach: either block AI system-wide or allow it everywhere

This is different from .geminiignore (which controls which files are read) or GEMINI.md (which provides context to the model). We need a pre-execution check that happens before any model interaction.

Proposed Solution

Introduce an AI-POLICY.txt file (similar to robots.txt) that Gemini CLI checks during initialization:

# AI-POLICY.txt
Coding-agent: *
Disallow: /

Reason: NDA with client prohibits AI code generation
Contact: [email protected]

Behavior

1. Developer runs gemini in a repository
2. Before any API calls, CLI checks for AI-POLICY.txt
3. If Disallow: / is present, show warning:

   ⚠️  AI Policy Restriction Detected
   
   This repository prohibits coding agent usage.
   Reason: NDA with client prohibits AI code generation
   Contact: [email protected]
   
   Proceed anyway? (y/N)
   

4. Log the decision for audit purposes

Why This Approach?

• Repository-scoped: Different repos can have different policies (critical for agencies/consultancies)
• Pre-execution: Check happens before the model is involved
• Soft enforcement: Like robots.txt - a gentleman's agreement with audit trail
• Human-readable: Legal teams and clients can verify the policy
• Version-controlled: Policy visible to all team members

Use Cases

• Development agencies: Managing 15+ client projects with varying AI usage policies
• Enterprise teams: Regulatory compliance in healthcare, finance, government sectors
• Gradual AI adoption: Some projects allow AI, others don't - need per-repo control

Downsides Of Existing Solutions?

Solution	Why It Doesn't Work
GEMINI.md	Provides context to the model, but execution has already started
.geminiignore	Controls file access, not usage authorization
System-wide config	Too broad - affects all repos, not individual projects

Bottom line: A simple, clear signal that says "this specific repository has contractual restrictions on AI usage" before any code is generated would be a very useful feature to have.

Thoughts? Would this be useful for others managing multi-client or compliance-sensitive projects?