{"name":"CapitalGuard Client Code AI Access Register","version":"1.0.0","updatedAt":"2026-07-15","canonical":"https://capitalguard.io/guides/client-code-ai-security-checklist","purpose":"A blank template for documenting authorized AI-tool access to client code without publishing client or repository data.","limitations":["This template does not prove that a client authorized AI use.","It does not inspect provider systems or certify provider behavior.","Completed records can contain sensitive project metadata and should remain in an authorized private system."],"checklist":[{"id":"authorize","label":"Authorize","title":"Confirm the client approved the exact use","action":"Record the repository, AI tool, account or workspace, task, data categories, and approved operator before the first prompt. A general software contract is not the same as approval for a new AI processing path."},{"id":"reduce","label":"Reduce","title":"Create the smallest useful workspace","action":"Use a dedicated branch, worktree, or sanitized copy. Remove production exports, customer records, credentials, private keys, support logs, and unrelated repositories before opening the workspace in the AI tool."},{"id":"restrict","label":"Restrict","title":"Start read-only and block consequential actions","action":"Keep deployment, billing, identity, permission, package-publish, database-mutation, and external-upload actions behind explicit human approval. Disable network or external tools unless the task requires them."},{"id":"verify","label":"Verify","title":"Check the control on the surface you will actually use","action":"Verify retention, training, indexing, ignored paths, agent mode, CLI behavior, MCP tools, and sandbox settings for the exact product surface. A provider control may not apply to every mode."},{"id":"observe","label":"Observe","title":"Review changes and preserve a short evidence trail","action":"Inspect the diff, commands, tool calls, network destinations, and generated files. Record unexpected access requests and require a human decision before merging or releasing the result."},{"id":"close","label":"Close","title":"Remove temporary access at handoff","action":"Revoke temporary tokens, remove local copies, close external sessions, and record whether any credential needs rotation. Keep only the minimum evidence the client has authorized you to retain."}],"fields":[{"key":"project_id","label":"Project ID","purpose":"A non-sensitive reference that ties the record to the authorized client engagement."},{"key":"client_authorization_ref","label":"Authorization reference","purpose":"Where the client's approval for this AI-assisted task is recorded."},{"key":"repository_scope","label":"Repository scope","purpose":"The repository, branch, worktree, or sanitized copy the tool may reach."},{"key":"ai_tool_surface","label":"AI tool and surface","purpose":"The exact editor, CLI, cloud agent, chat, or security-review surface in use."},{"key":"account_or_workspace","label":"Account or workspace","purpose":"The provider account or managed workspace whose policies apply."},{"key":"task_purpose","label":"Task purpose","purpose":"The specific outcome the client authorized."},{"key":"data_categories","label":"Data categories","purpose":"The types of code, configuration, personal data, logs, or documents present."},{"key":"excluded_paths","label":"Excluded paths","purpose":"Files and directories removed or blocked from AI access."},{"key":"allowed_actions","label":"Allowed actions","purpose":"Read, edit, test, or other actions approved for the task."},{"key":"blocked_actions","label":"Blocked actions","purpose":"Deploy, publish, rotate, delete, bill, grant access, or other actions the agent must not take."},{"key":"network_access","label":"Network access","purpose":"Whether outbound access is disabled, allowlisted, or unrestricted."},{"key":"external_tools","label":"External tools","purpose":"MCP servers, connectors, browsers, shells, or other systems available to the agent."},{"key":"provider_controls_checked_at","label":"Controls checked at","purpose":"When retention, training, privacy, indexing, and permission settings were verified."},{"key":"human_approver","label":"Human approver","purpose":"The person responsible for consequential decisions."},{"key":"session_started_at","label":"Session start","purpose":"When authorized AI access began."},{"key":"session_closed_at","label":"Session close","purpose":"When temporary access, tokens, and copies were removed."},{"key":"credential_rotation_required","label":"Rotation required","purpose":"Whether observed exposure requires credential rotation or another follow-up."},{"key":"evidence_notes","label":"Evidence notes","purpose":"A short, non-sensitive record of checks, exceptions, and approvals."}],"blankRecord":{"project_id":"","client_authorization_ref":"","repository_scope":"","ai_tool_surface":"","account_or_workspace":"","task_purpose":"","data_categories":"","excluded_paths":"","allowed_actions":"","blocked_actions":"","network_access":"","external_tools":"","provider_controls_checked_at":"","human_approver":"","session_started_at":"","session_closed_at":"","credential_rotation_required":"","evidence_notes":""},"primarySources":[{"provider":"Anthropic","control":"Claude Code permissions and sandboxing","documentedBoundary":"Claude Code supports allow, ask, and deny rules. Anthropic documents permissions and sandboxing as complementary controls and warns that bypass mode skips permission prompts.","url":"https://code.claude.com/docs/en/permissions","checkedAt":"2026-07-15"},{"provider":"Cursor","control":"Privacy mode, indexing, and ignored paths","documentedBoundary":"Cursor documents that code data is sent to its servers for AI features, explains privacy-mode handling, and describes .cursorignore as a best-effort exclusion for selected paths.","url":"https://www.cursor.com/security","checkedAt":"2026-07-15"},{"provider":"GitHub","control":"Copilot content exclusion","documentedBoundary":"GitHub supports content exclusion on selected Copilot surfaces, but its documentation says the exclusion does not cover Copilot CLI, the cloud agent, or IDE agent mode.","url":"https://docs.github.com/en/copilot/how-tos/configure-content-exclusion/exclude-content-from-copilot","checkedAt":"2026-07-15"},{"provider":"OpenAI","control":"Codex Security repository review","documentedBoundary":"OpenAI documents that Codex Security analyzes an enabled GitHub repository and its history, recommends beginning with a focused repository set, and keeps proposed changes subject to human review.","url":"https://help.openai.com/en/articles/20001107-codex-security","checkedAt":"2026-07-15"},{"provider":"NIST","control":"Generative AI risk management","documentedBoundary":"NIST's Generative AI Profile frames controls as a risk-management decision tied to the user's goals, risk tolerance, resources, and data-governance obligations.","url":"https://www.nist.gov/itl/ai-risk-management-framework","checkedAt":"2026-07-15"}]}