Terms of Service.

Service

The AgentChute hosted dashboard, API, and any cloud-curated security feeds (e.g., compromised-package deny-list, CVE feed) provided to a paying Customer. Excludes AgentLint OSS.

AgentLint OSS

The open-source linter at github.com/mauhpr/agentlint, MIT-licensed. Governed by its MIT license, not by these Terms.

Customer

The legal entity that creates an AgentChute account or pays for a paid tier.

Customer Code

Code, configuration, secrets, infrastructure, and other resources owned or controlled by Customer.

AI Coding Agent

Any third-party or customer-controlled AI coding system, assistant, workflow, script, CLI, IDE extension, or model-connected tool that can suggest, edit, run, install, delete, expose, or deploy code or commands.

Agent Action

Any command, file change, package operation, network request, workflow step, or other action attempted, suggested, approved, blocked, or performed by an AI Coding Agent or by a user acting with that agent.

Output

Any rule violations, recommendations, blocked actions, audit log entries, or other Service responses.

AgentChute provides an additional layer of protection over AI coding agents by surfacing potential security and safety concerns based on patterns and curated threat-intelligence feeds. It is one input among many in a mature engineering security posture.

What AgentChute does: applies pattern-based and feed-backed rules at lint time, surfaces potential issues to developers and security teams, aggregates events for org-wide visibility, exports audit logs.

What AgentChute does not control:AI Coding Agents run in Customer's environment, under permissions and workflows Customer configures. AgentChute does not operate, supervise, host, or control those agents and does not guarantee that an Agent Action will be blocked, allowed, prevented, reverted, or correctly classified.

What AgentChute does NOT do, and Customer must not rely on it to do:

• Replace code review, automated testing, manual security audits, penetration testing, or compliance certifications.
• Detect all vulnerabilities, secrets, malicious code, supply-chain attacks, or unsafe AI agent actions. Pattern-based detection is inherently incomplete.
• Guarantee that any specific issue will be caught, blocked, or correctly classified.
• Prevent loss, corruption, or unauthorized exposure of Customer Code or data.
• Prevent destructive, incorrect, unauthorized, or unexpected actions by ChatGPT, Claude, Gemini, Cursor, Codex, local scripts, MCP tools, or any other AI Coding Agent or automation layer.
• Validate that third-party feed data (GHSA, OSSF malicious packages, URLhaus, gitleaks, StevenBlack) is accurate, complete, or current. We mirror these sources in good faith but do not control or warrant them.
• Function as the last line of defense in any production system.

Frame the Service correctly: AgentChute is one control layer in a broader engineering and security process. Customer agrees to maintain all other layers of its security, permissioning, review, backup, and quality posture independent of AgentChute.

Customer must not (and must not permit any user to):

• Use AgentChute as the sole control for any compliance-mandated process (e.g., SOC 2 CC7.2 system monitoring, HIPAA §164.312, PCI DSS Requirement 6). AgentChute can be part of a control system but not the only component.
• Deploy AgentChute in High-Risk Activities — any context where Service failure could foreseeably result in death, personal injury, severe environmental damage, or catastrophic financial loss. This explicitly includes medical devices, life-support systems, aviation control, nuclear facilities, or weapons systems.
• Reverse-engineer, decompile, or extract the cloud-curated feed data for redistribution.
• Submit content that infringes third-party rights, contains malware, violates applicable law, or contains personal data not authorized for processing.

AgentChute is currently offered through a private beta application and manual onboarding process. Submitting an application does not guarantee access, response time, support level, feature availability, or continued availability of the beta.

We may accept, defer, limit, suspend, or end beta access at any time, especially while the product, hosting, monitoring, billing, and support processes are still being finalized. The beta is intended for evaluation and feedback, not production-critical reliance.

Unless we separately agree in writing, beta access does not include uptime commitments, service credits, custom security review, dedicated support, or data-processing terms for regulated production workloads.

Customer represents and acknowledges that:

• Customer remains solely responsiblefor the security, quality, correctness, and operational behavior of Customer Code, including any code AI agents produce or modify on Customer's systems.
• Customer maintains independent layers of defense including (but not limited to): code review, automated testing, CI security scanning, manual security audits, secret rotation policies, least-privilege agent permissions, sandboxing, approval gates for destructive actions, backup and recovery procedures, and incident response plans.
• Customer evaluates each AgentChute Output before acting on it. False negatives (issues we missed) and false positives (incorrect blocks) are inherent to pattern-based rules.
• Customer is responsible for configuring AI Coding Agents, developer machines, repositories, CI systems, package managers, cloud accounts, and deployment workflows so that an unsafe Agent Action cannot cause unacceptable damage if AgentChute misses it or is unavailable.
• Customer has authority to bind its organization to these Terms and to permit AgentChute to process Customer-related metadata (rule IDs, severity tags, timestamps, tool names, team/access identifiers, and file path metadata needed to explain events — never source code, never raw secrets) as described in the Privacy Policy.
• Customer will not rely on AgentChute Output as legal, regulatory, or compliance advice.

THE SERVICE AND AGENTLINT OSS ARE PROVIDED “AS IS” AND “AS AVAILABLE”, without warranties of any kind, whether express, implied, statutory, or otherwise. To the maximum extent permitted by applicable law, we disclaim all warranties including without limitation:

• Implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.
• Any warranty arising from course of dealing, course of performance, or trade usage.
• Any warranty that the Service will be uninterrupted, error-free, secure, or that defects will be corrected.
• Any warranty regarding the accuracy, completeness, reliability, or timeliness of Output, including third-party feed data.
• Any warranty that AgentChute will detect or prevent any specific security issue, vulnerability, malicious action, data loss, or operational incident.

Some jurisdictions do not allow the exclusion of certain warranties; in such jurisdictions the disclaimers above apply to the maximum extent permitted.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL AGENTCHUTE OR ITS AFFILIATES, OFFICERS, EMPLOYEES, OR CONTRACTORS BE LIABLE FOR:

• Any indirect, incidental, special, consequential, exemplary, or punitive damages.
• Loss of profits, revenue, business opportunity, goodwill, data, or use, even if advised of the possibility of such damages.
• Damages resulting from third-party feed data inaccuracies, omissions, or delays.
• Damages resulting from AI coding agents' behavior, regardless of whether AgentChute did or did not detect or block the agent's action.
• Damages resulting from Customer's decision to deploy, ship, or merge code that AgentChute approved, flagged, blocked, or made no determination about.

Aggregate cap.AgentChute's total cumulative liability arising out of or relating to these Terms, the Service, or AgentLint OSS — whether in contract, tort, strict liability, or otherwise — shall not exceed the greater of (a) the amounts actually paid by Customer to AgentChute in the twelve (12) months immediately preceding the event giving rise to the claim, or (b) one hundred US dollars ($100).

For users of AgentLint OSS who are not paying customers, our total cumulative liability shall not exceed one hundred US dollars ($100).

These limitations are essential elements of the basis of the bargain between AgentChute and Customer. They apply regardless of whether the limited remedy is found to have failed of its essential purpose.

Customer agrees to indemnify, defend, and hold harmless AgentChute and its affiliates from any third-party claims, losses, damages, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

• Customer's use of the Service or AgentLint OSS.
• Customer Code, including any AI-generated code in Customer's systems.
• Customer's violation of these Terms, Acceptable Use, or applicable law.
• Any operational decision Customer made (or did not make) based on AgentChute Output.
• Customer's deployment of AgentChute in non-permitted contexts (see Section 03 — High-Risk Activities).

AgentChute will indemnify Customer for third-party claims that the Service, when used in compliance with these Terms, infringes a US copyright, trademark, or trade-secret right — up to the liability cap in Section 06.

AgentLint OSS is licensed separately under the MIT License. The MIT License governs your use of the OSS code, not these Terms. The MIT License contains its own warranty disclaimer and liability limitation, which apply to OSS use.

When AgentLint OSS consults AgentChute's cloud-curated feeds (if you have a paid AgentChute account), the feed consultation is governed by Sections 02–06 of these Terms.

See our Privacy Policy for full detail.

Data minimization is the architectural default. AgentLint OSS runs on Customer machines. Only metadata — rule IDs, severities, timestamps, tool names, team/license identifiers, and file path metadata needed to explain events — is transmitted to the AgentChute Service. Source code, secrets, prompts, and agent outputs are not intentionally transmitted.

For Enterprise tier customers, a separate Data Processing Agreement (DPA) will be executed before any data covered by GDPR, CCPA, HIPAA, or similar frameworks is processed.

AgentLint OSS is free under its open-source license. AgentChute is currently in private-beta application and preview mode. Any paid beta, team plan, or enterprise plan will be governed by the pricing and Order Form terms presented at the time of purchase.

Pricing shown on the marketing site, if any, is indicative until paid tiers launch. Customers will be notified of material pricing changes at least 30 days before the change takes effect.

All fees are non-refundable except where explicitly required by applicable law.

Customer may cancel at any time via the dashboard or by emailing hello@agentchute.com. On cancellation, paid features deactivate at the end of the then-current billing period. Customer Code (which we do not store) is unaffected.

We may suspend or terminate Customer's access for material breach of these Terms (including violation of Acceptable Use), non-payment, or applicable-law compliance requirements. We will provide reasonable notice when possible.

Sections that by their nature should survive termination — including Disclaimer of Warranties, Limitation of Liability, Indemnification, and any accrued payment obligations — survive termination.

These Terms are governed by the laws of the State of Florida, USA, without regard to its conflict-of-laws principles, unless a signed order form or customer agreement says otherwise. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

Any dispute arising out of or related to these Terms shall be resolved by binding arbitration administered by JAMS under its Streamlined Arbitration Rules, in Miami-Dade County, Florida. Both parties waive any right to a jury trial and to participate in any class action.

Either party may seek injunctive relief in any court of competent jurisdiction for actual or threatened misappropriation of intellectual property or breach of confidentiality.

We may update these Terms from time to time. Material changes will be communicated by email and via the AgentChute Service at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

Legal and Terms questions: legal@agentchute.com.

General questions: hello@agentchute.com.