EU AI Act — Article 14
Human Oversight Attestation
Last updated: 2026-04-18
This document attests to DocuGardener's implementation of human oversight measures as required by Article 14 of Regulation (EU) 2024/1689 (the EU AI Act) for General Purpose AI (GPAI) systems.
1. The Human-in-the-Loop Model
DocuGardener is architected so that every AI-generated documentation suggestion requires an explicit human decision before it can take effect. The workflow is:
- A developer opens a Pull Request on GitHub making code changes.
- DocuGardener's analysis pipeline detects potential documentation drift — places where the code change is inconsistent with existing documentation.
- DocuGardener generates a suggested documentation fix and opens a separate Pull Request on GitHub containing only the suggested change.
- A human team member reviews the AI-generated PR using normal GitHub code review tools: they can read the diff, request modifications, leave comments, approve, or close (reject) the PR.
- The documentation change is merged into the codebase only if a human explicitly merges the PR. DocuGardener never pushes directly to a protected branch.
The Pull Request mechanism is a structural human oversight control, not a procedural policy. DocuGardener has no API access to merge its own PRs. The GitHub branch protection model enforces this at the platform level.
2. What DocuGardener Never Does Automatically
The following actions are architecturally prohibited — they are not configurable options that could be accidentally enabled:
- Direct push to main/master. DocuGardener only creates branches and opens PRs. It never pushes commits directly to a protected branch.
- Editing files in a repository without a PR. All changes are delivered as PR diffs. There is no "silent edit" mode.
- Modifying non-documentation files. DocuGardener's PRs contain only documentation file changes (Markdown, RST, AsciiDoc, etc.). Code files are never modified.
- Accessing repository content outside of analysis. DocuGardener clones the repository only when a webhook event triggers analysis and discards the clone immediately after.
3. Auto-Merge Feature Disclosure
DocuGardener includes an optional auto-merge feature intended for teams that use AI coding agents (e.g. GitHub Copilot, Cursor, Devin) to generate code. This feature allows DocuGardener's documentation fix PRs to be merged automatically when they accompany an AI-authored code change.
This feature is disabled by default for all tenants.
All of the following conditions must be met for auto-merge to occur:
- Auto-merge must be explicitly enabled by an organisation Admin in DocuGardener Settings → AI Configuration. Non-admin roles cannot enable this feature.
- The autoMergeAiDocs: true flag must be set in the tenant's DocuGardener configuration.
- The triggering Pull Request must be identified as AI-authored (i.e. the PR author matches a configured AI agent identity, or the branch name matches a known AI agent pattern such as copilot/, cursor/, or devin/).
- Auto-merge applies only to DocuGardener's own documentation-fix PRs — never to the triggering AI-authored code PR itself, and never to any human-authored PR.
When auto-merge is enabled:
- Every auto-merged PR is recorded in the audit log with actor, timestamp, and commit SHA.
- Auto-merged changes can be reverted by opening a new PR reverting the merge commit.
- The feature can be disabled at any time from Settings, taking effect immediately for future PRs.
- A notification is sent to the organisation's configured notification channel whenever an auto-merge occurs.
4. Audit Trail
Every action taken by DocuGardener — and by users interacting with DocuGardener — is recorded in a tamper-evident audit log. The audit log provides the evidence trail required by Article 12 (record-keeping) and supports Article 14 oversight obligations.
What is logged:
- All triage actions (approve, dismiss, defer) with actor and timestamp
- All auto-merge events with PR reference and triggering commit SHA
- Role and permission changes
- Settings and configuration changes (including auto-merge enable/disable)
- Evidence exports and report downloads
- Login events and session activity
Integrity mechanism: Audit log entries are chained using SHA-256 hashes (each entry includes the hash of the previous entry) to detect any tampering or deletion of records.
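How a reviewer can check a SHA-256 hash chain of this kind, as an added example that is not DocuGardener's own code. The entry fields, the canonical JSON encoding, the all-zero genesis value and the sample records are assumptions, since this page does not specify the log format. The chain alone cannot reveal removal of the newest records, so the verifier also accepts a head hash stored outside the log.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first entry


def entry_hash(entry):
    """SHA-256 over a canonical JSON encoding of every field except 'hash'."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def append(log, actor, action, ts):
    """Append an entry that commits to the previous entry's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"seq": len(log), "ts": ts, "actor": actor,
             "action": action, "prev_hash": prev}
    entry["hash"] = entry_hash(entry)
    log.append(entry)
    return entry["hash"]


def verify(log, expected_head=None):
    """Return (ok, reason). expected_head is a head hash kept outside the log."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e.get("prev_hash") != prev:
            return False, f"entry {i}: broken link (record removed or reordered)"
        if entry_hash(e) != e.get("hash"):
            return False, f"entry {i}: content does not match its hash"
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, "head mismatch (trailing records removed or log replaced)"
    return True, "ok"


def build_sample():
    """Constructed sample log; actors, actions and timestamps are made up."""
    log = []
    append(log, "admin@example.test", "settings.auto_merge.enable", "2026-04-01T09:00:00Z")
    append(log, "docugardener-bot", "auto_merge pr=PLACEHOLDER", "2026-04-01T09:05:00Z")
    head = append(log, "dev@example.test", "triage.approve", "2026-04-01T09:10:00Z")
    return log, head
```

Run verify() over an exported log and compare against a head hash recorded separately (for example at export time); without that anchor, a log truncated from the end still verifies.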
Retention: Audit logs are retained for a minimum of 90 days on standard plans. Enterprise plans support configurable retention periods. Logs are exportable by organisation Admins in CSV format from the Audit Log page.
The audit log can be used to demonstrate compliance with Article 14 oversight requirements to competent authorities. DocuGardener will cooperate with supervisory authority investigations on request.
5. Contact
For questions about DocuGardener's Article 14 compliance, human oversight architecture, or to request technical documentation for a supervisory authority:
- AI Act / compliance queries: [email protected]
- Security incidents: [email protected]