Standard linting tools do not catch AI-specific compliance risks. Custom static analysis rules, implemented in Semgrep or equivalent, flag coding patterns that are permissible in general software but problematic in high-risk AI systems. The first such rule category flags the direct use of protected characteristic columns (gender, age, ethnicity, disability status) in feature engineering or model training code.
The flag does not mean the code is wrong; it means the use requires documented justification in the feature registry and approval through the CODEOWNERS mechanism. The Semgrep rule pattern matches direct column access on protected characteristic names and produces a warning referencing the relevant AISDP section.
This automated flagging ensures that no use of demographic features enters the codebase without triggering a review. It converts what would otherwise be a procedural expectation (“developers should flag demographic feature use”) into a technical control that fires consistently, regardless of whether the developer remembers the policy. The rule configuration is version-controlled in the repository and referenced in the AISDP as part of the data governance controls.
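A rule of the kind described above, written for Python/pandas code, is sketched below as an added example; it is not the project's own rule. The rule id, the column-name spellings, the access forms covered and the `AISDP-SECTION-PLACEHOLDER` reference are assumptions to adapt to your repository.

```yaml
rules:
  - id: protected-characteristic-column-use   # hypothetical rule id
    languages: [python]
    severity: WARNING   # a flag for review, not a build failure by itself
    message: >-
      Direct use of protected characteristic column $COL. This requires a
      documented justification in the feature registry and CODEOWNERS
      approval. See AISDP-SECTION-PLACEHOLDER.
    metadata:
      category: compliance
      aisdp-reference: AISDP-SECTION-PLACEHOLDER   # fill in from your AISDP
    pattern-either:
      # Subscript access: df["gender"], df[["age", "income"]], df.loc[rows, "age"]
      - patterns:
          - pattern-either:
              - pattern: $DF[$COL]
              - pattern: $DF[[..., $COL, ...]]
              - pattern: $DF.loc[$ROWS, $COL]
          # Optional quotes so the regex holds whether or not the string
          # literal's quotes are part of the bound metavariable text.
          - metavariable-regex:
              metavariable: $COL
              regex: (?i)^["']?(gender|age|ethnicity|disability_status)["']?$
      # Attribute access: df.gender, features.age
      # This also matches non-DataFrame objects with these attribute names;
      # that is acceptable for a rule whose only effect is to trigger review.
      - patterns:
          - pattern: $DF.$COL
          - metavariable-regex:
              metavariable: $COL
              regex: (?i)^(gender|age|ethnicity|disability_status)$
```

Column aliases and encoded variants (for example `sex`, `dob`, or one-hot names such as `gender_f`) are not covered by this name list and would need to be added from the feature registry.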
Key outputs
- Semgrep rule for demographic feature use detection
- Integration with pre-commit hooks and CI pipeline
- Linkage to CODEOWNERS review for flagged code
- Module 4 and Module 6 AISDP documentation