# Regulated AI software delivery

Let teams use AI coding tools in regulated software delivery while preserving scope control, approval evidence, and audit-ready records.

Canonical: https://hakama.ai/use-cases/regulated-ai-software-delivery/

Published: 2026-05-29
Last updated: 2026-05-29




## Give AI-assisted changes the same control discipline as production work

Regulated software teams can use AI coding tools when the delivery path still proves scope, policy, approvals, checks, and artifact identity. Hakama puts that evidence layer around the repo so AI-assisted work enters the process through a governed control point.

### Summary
- Policy: Rules apply before acceptance
- Evidence: Receipts describe the run
- Commit: Output ties back to the control path




## Controls for regulated AI delivery

The baseline is simple: define what the assistant may do, check the result, require sign-off for risk, and keep the proof.

### Declared scope

The task defines files, dependencies, routes, schema, and systems the work may touch.

### Protected boundaries

Sensitive paths and policy exceptions require checks or approval before the work moves forward.

### Required evidence

Claims about tests, scope, and policy are backed by execution output and receipts.

### Commit enforcement

The repo accepts the change only after the governed run clears the configured rules.




## Evidence regulators and internal reviewers can inspect

### Which policy applied?

The configured rule set for the governed workflow.

### Which risk required sign-off?

Protected path, exception, or change type that triggered approval.

### Which checks supported acceptance?

Execution output and pass or fail state.

### Which change reached delivery?

Commit identity tied to the governed run.




## Govern the AI path before CI sees the result

### Launch AI work under policy

`hakama watch launch claude`

Engineers keep their assistant, while the session runs with scope and risk controls active.

### Validate the finished work

`hakama exec`

Hakama checks the diff against the accepted scope, approvals, and required evidence.

### Hand CI a controlled change

CI remains valuable; it receives a change that already passed the governance checks around AI-assisted work.




## Governance belongs close to the repo

Regulated teams need evidence at the point where code changes. Hakama runs locally around the repo and AI session, keeping policy and receipts close to the files, commands, and commits they describe.

- Scope lives beside the working tree.
- Approval gates trigger during the run.
- Receipts attach to the delivery artifact.




## A stricter version for regulated teams

For the regulated-team path with auditor-facing proof, see [Prove every AI-assisted change was allowed](/use-cases/regulated-software/).



## Test regulated AI delivery controls

Bring one workflow, one repo, and the policies your team already follows. Hakama can show where AI-assisted work passes, fails, and leaves proof.

[Request a pilot](https://hakama.ai/request-a-pilot/)