AgentPM™ Terms of Use#
Last updated: November 14, 2025
These Terms of Use (“Terms”) govern your access to and use of AgentPM’s website and registry (the “Site” and “Registry”), public APIs and services, and our open-source CLI and SDKs (together, the “Services”). By accessing or using the Services, you agree to these Terms.
If you do not agree, do not use the Services.
1) Who we are & how to contact us#
AgentPM provides a package registry and tooling for “agent tools” and “agents,” including manifests, signing and attestation, verification, install flows, and related developer features.
Contact: support@agentpackagemanager.com
2) Eligibility & accounts#
You must be at least 16 and legally able to enter contracts. You are responsible for your account, Personal Access Tokens (PATs), device-flow approvals, and safeguarding credentials. Notify us of suspected compromise.
3) Acceptable use#
You agree not to:
- Upload, publish, or distribute malware, malicious code, or content that is illegal, infringing, or violates others’ rights.
- Circumvent security or rate limits, scrape in a way that degrades the Services, or disrupt others’ use.
- Misrepresent identity, namespace ownership, or tool provenance.
- Publish secrets or personal data without consent.
We may monitor, block, or throttle requests to protect the Services.
4) Publishing & public content#
When you publish:
- Your tool/agent artifacts, manifests, signatures, attestations, and version metadata are public by design and may be indexed and cached.
- Versions flagged as Yanked remain visible for auditability but cannot be installed and are excluded from discovery (e.g., search/trending).
- You are solely responsible for your content and for obtaining necessary rights and permissions.
License grant to AgentPM#
You grant AgentPM a worldwide, non-exclusive, royalty-free license to host, reproduce, distribute, display, and make available your published artifacts and related metadata for operating the Registry and Services.
You retain your ownership in your content.
5) Namespaces, signing & attestation#
- Each account can create a user namespace on the Site. Currently, one namespace per user.
- Namespaces control signing mode: off / optional / required.
- To author-sign publishes, you must register your public key as a signer on your namespace (via Site or CLI).
- The Registry creates a registry attestation for every publish.
- If the namespace requires author-signing and a publish lacks a valid author signature, the Registry may reject the publish.
- Consumers may require attestation during install (e.g.,
agentpm install --require_attestation). You acknowledge that missing/invalid signatures or attestations may prevent installs.
6) Security scanning & yanking#
All published artifacts undergo asynchronous malware/threat scanning. If threats are detected, the version is Yanked (not installable). We may also reject artifacts at publish time for size, archive, or path-safety violations. See our Privacy Policy for how we process scan results.
7) CLI & SDK behavior; subprocess execution#
The SDKs run tools in managed subprocesses. You are responsible for how your tools handle inputs, logs, and secrets. The execution contract requires JSON input on stdin and one JSON object on stdout with exit code 0 on success. Misbehavior may cause call failures or rejection by the Services.
8) Tokens, rate limits, and automation#
- You are responsible for PATs you issue and actions taken with them.
- We may set or change rate limits and request quotas.
- Automated access must respect these Terms and our technical controls.
9) Third-party services & dependencies#
Your tools may integrate with third-party services (e.g., LLM vendors, APIs). Those services are governed by their own terms and privacy policies. AgentPM is not responsible for third-party services or failures.
10) Open source components#
The CLI and SDKs are provided under their respective open-source licenses (see the code repositories). If these Terms conflict with an applicable open-source license for those components, the open-source license controls for that component.
11) Privacy#
Our Privacy Policy explains how we collect, use, and share information. By using the Services, you agree to our Privacy Policy.
12) Feedback#
If you provide feedback, ideas, or suggestions, you grant us a non-exclusive, worldwide, royalty-free, perpetual license to use and incorporate it without restriction or compensation.
13) Ownership; reservation of rights#
AgentPM and its licensors own the Services and all related intellectual property. Except for the license you grant in Section 4 and rights that apply under open-source licenses, these Terms do not transfer any IP to you.
14) Changes to the Services#
We may modify, suspend, or discontinue features (including scanning rules, signing requirements, or API behavior) at any time. We will attempt to provide reasonable notice of material changes.
15) Disclaimers#
THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, AGENTPM DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE. We do not warrant that the Services will be uninterrupted, secure, or error-free, or that scanning and attestation will detect all threats or prevent all supply-chain risks.
16) Limitation of liability#
TO THE MAXIMUM EXTENT PERMITTED BY LAW, AGENTPM AND ITS AFFILIATES, OFFICERS, EMPLOYEES, AND SUPPLIERS WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION, EVEN IF ADVISED OF THE POSSIBILITY. OUR TOTAL LIABILITY FOR CLAIMS ARISING OUT OF OR RELATING TO THE SERVICES WILL NOT EXCEED $100 OR THE AMOUNT YOU PAID TO US IN THE 12 MONTHS BEFORE THE EVENT GIVING RISE TO LIABILITY, WHICHEVER IS GREATER.
Some jurisdictions do not allow certain disclaimers/limitations; these will apply to the fullest extent permitted.
17) Indemnification#
You will indemnify and hold AgentPM harmless from claims, damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising from your content, your use of the Services, or your breach of these Terms.
18) Termination#
You may stop using the Services at any time. We may suspend or terminate your access immediately if you violate these Terms, risk the security or integrity of the Services, or create legal exposure for us. Sections that by their nature should survive (e.g., 4–7, 10–19) will survive termination.
19) Governing law & dispute resolution#
These Terms are governed by the laws of the State of Colorado, without regard to conflicts of law rules.
Dispute resolution. Before filing a claim, you agree to try to resolve the dispute informally by contacting us at legal@agentpackagemanager.com. If we cannot resolve it within 30 days, either party may bring a claim in the state or federal courts located in Denver County, Colorado, and you consent to their jurisdiction and venue.
20) Export controls#
You must comply with applicable export control and sanctions laws. You may not use the Services if you are subject to U.S. sanctions or located in an embargoed jurisdiction.
21) Changes to these Terms#
We may update these Terms from time to time. We will post the updated Terms with a new “Last updated” date and, if changes are material, provide additional notice (e.g., banner or email). Your continued use of the Services constitutes acceptance of the updated Terms.
22) Miscellaneous#
- Entire agreement. These Terms and the Privacy Policy are the entire agreement between you and AgentPM regarding the Services.
- Severability. If a provision is unenforceable, the rest remain in effect.
- Assignment. You may not assign these Terms without our prior written consent; we may assign them in connection with a merger, acquisition, or asset sale.
- No waiver. A failure to enforce a provision is not a waiver of the right to do so later.