All templates
publishedVersion 0.2.0Updated 2026-04-25

Agent Authorization Consent

The verbatim consent text shown in the CLI when a contributor authorizes an agent. SHA-256-pinned in the spec. Not chosen by maintainers; it's the load-bearing artifact for the authorize-once flow.

Agent Authorization Consent Statement

Version: 0.2.0

Consent Statement (verbatim, SHA-256 pinned)

The text between the markers below is the legally load-bearing consent. The agentcla CLI displays this exact text to the human authorizer before recording the authorization, and the spec pins its SHA-256 hash to prevent silent drift. Do not edit the text between the markers without bumping the template version in legal/templates/changelog.md and re-pinning the hash in spec/v0.1/authorization.md.

The CLI substitutes three variables before display: <AGENT_NAME>, <SCOPE_PATTERN>, and <EXPIRES_AT>. The substitution is purely textual; the text shown to the contributor (with substitutions applied) is what gets hashed.

I authorize to sign Contributor License Agreements on my behalf for repositories matching , until .

Each signature this agent produces under this authorization is legally equivalent to my own signature. The license grants, warranties, and representations in every CLA so signed flow from me, not from the agent. I, the human authorizer, remain legally responsible for those Contributions.

I may revoke this authorization at any time by running agentcla revoke <AGENT_NAME>. Revocation stops new signatures going forward. Signatures already produced under this authorization remain in effect, because the project and downstream users have already relied on them.

What this means in plain English

You are giving a specific AI agent permission to sign CLAs for you, in advance, within a scope you choose. When that agent later opens a pull request to a covered repository, the project's CLA check sees a valid signature attributed to you, and the PR is treated as if you had signed by hand.

The legal responsibility stays with you, the human. The agent is a tool you operated; the license grants, warranties, and representations in each CLA flow from you. If a Contribution turns out to infringe a third party's rights, or if a representation in the CLA is later shown to be inaccurate, the project and its downstream users may look to you, not the agent, for recourse.

You retain full control. You may revoke at any time using agentcla revoke <AGENT_NAME>. Revocation stops future signatures but does not undo signatures already produced; those remain in effect for the Contributions they covered, because the project and downstream users have already relied on them.

Choose the scope and expiration narrowly. A pattern like github.com/yourname/* and an expiration a few months out is safer than a wildcard with no expiration.

Use this templateView raw markdown
agentcla - the open CLA standard for the agent era