PanDev CLI Plugin (Windows) — Software License Agreement

Version: 1.0
Effective date: 05/22/2026
Licensor: PanDev LLP

This agreement (the "Agreement") is a legally binding contract between you (an individual or an entity, the "Customer") and PanDev governing the installation and use of PanDev command-line interface plugins for Windows and compatible host environments (each a "CLI Plugin" and collectively the "CLI Plugins"). By installing, copying, or using a CLI Plugin you accept the terms of this Agreement. The person performing the installation represents and warrants that they act on behalf of and in the interests of the Customer and are authorized to accept the Agreement binding the Customer. Installation and use of the CLI Plugin are prohibited if the person is not authorized. This Agreement is intended solely for business-to-business use and does not apply to consumer use.

---

Definitions

"CLI Plugin" / "CLI Plugins" - PanDev command-line software installed in the Host Environment to execute commands, collect Activity Data, accept Prompt Content from the User, and transmit such data to the Server.

"Host Environment" - a Windows operating system (and any other compatible operating system explicitly supported by the CLI Plugin), together with the shell, terminal, CI runner, build agent, or other process that invokes the CLI Plugin.

"Server" - a remote PanDev endpoint (PanDev cloud SaaS or a PanDev instance deployed in the Customer's infrastructure, on-prem) that receives data from the CLI Plugin.

"Services" - PanDev cloud and other services that the CLI Plugin can connect to in order to transmit data and obtain functionality; the relevant terms are defined in the ToS and/or the DPA.

"Customer" - a legal entity or a sole proprietor/individual acting exclusively for business (non-consumer) purposes on whose behalf the CLI Plugin is installed and used.

"User" - an individual (an employee or contractor of the Customer) who invokes the CLI Plugin in the Host Environment.

"Activity Data" - metadata about CLI Plugin invocations (for example timestamps, command names, exit codes, durations, software and OS versions, and technical identifiers) as described in Appendix A. Activity Data does not include the text of Prompt Content.

"Prompt Content" - text and other input deliberately supplied by the User to the CLI Plugin for processing, analysis, or transmission to the Server. This includes command arguments, standard input (stdin) payloads, prompt files, and AI prompts where applicable. Prompt Content is content, not metadata, and is transmitted to the Server by design (see §4).

"Diagnostic Telemetry" - anonymized technical information about the CLI Plugin itself (state, versions, crashes, performance) that is different from Activity Data and Prompt Content.

"Cache" (local cache) - a temporary local storage area of the CLI Plugin used to accumulate Activity Data and Prompt Content when the Server is unavailable and to deliver such data after connectivity is restored.

1. Subject and Scope

1. The CLI Plugin is licensed, not sold. All rights in the CLI Plugin belong to the Licensor and/or its licensors.
2. The CLI Plugin is designed to operate only when connected to a remote PanDev server (cloud SaaS or a Customer-hosted instance, the "Server"). Without a connection to the Server the CLI Plugin functionality may be fully or partially unavailable.
3. The provision of PanDev Services (including SaaS) is governed by separate Terms of Service (ToS) and/or a Data Processing Agreement (DPA). This Agreement does not set the terms for the Services.
4. The CLI Plugin is intended for execution in a Host Environment running Microsoft Windows. Other operating systems are supported only where explicitly documented for the relevant CLI Plugin build.

2. License and Restrictions

1. The Licensor grants the Customer a non-exclusive, paid or unpaid (depending on the purchased license/subscription), non-transferable, non-sublicensable license worldwide for the term of this Agreement to install and use the CLI Plugin in the Host Environment and in connection with the Server.
2. The Customer must not: (i) bypass technical limitations; (ii) reverse engineer, decompile, or disassemble the CLI Plugin except to the extent permitted by applicable law; (iii) provide the CLI Plugin to third parties as a service bureau, rent, lease, loan, or redistribute it; (iv) use the CLI Plugin or data obtained through it (including Prompt Content and CLI Plugin responses) to build, train, test, benchmark, or otherwise develop competing software products or services without prior written consent from PanDev; (v) use the CLI Plugin in violation of applicable law, including export control and sanctions requirements; (vi) circumvent authentication, licensing, rate limits, bandwidth controls, or interfere with the Server; or (vii) automate the CLI Plugin to scrape, exfiltrate, or repackage Server outputs at scale outside the documented API and rate limits.
3. If the CLI Plugin includes paid features or subscriptions, additional licensing terms (named/seat, license keys, trial limits, per-invocation or token quotas) apply and are communicated to the Customer during purchase or activation.
4. The CLI Plugin may be used only in accordance with the current PanDev Service terms (ToS) and any agreements between the parties; in case of conflict the applicable agreement or ToS prevails.
5. The Customer is responsible for the acts and omissions of its Users and any third parties that gain access to the CLI Plugin and/or the Services through the Customer, including the contents of any Prompt Content submitted via the CLI Plugin.

3. SaaS and On-Prem Modes, Party Roles

1. When connected to SaaS, the Customer acts as the controller of personal data and PanDev acts as the processor in accordance with applicable data protection law. The relationship is governed by the DPA, which forms an integral part of the Services and applies only to the extent needed to provide SaaS.
2. When connected to on-prem, all Activity Data and Prompt Content are processed and controlled by the Customer within its own infrastructure. The Customer acts as the controller and operator/processor, and PanDev does not act as a processor and does not access the data unless otherwise expressly agreed by the parties in a separate document.
3. Remote support and access to data (if agreed). If, at the Customer's request, PanDev obtains limited remote access to the on-prem environment or exported materials (for example logs, command transcripts, or crash dumps) for support purposes, such access is limited to the minimum necessary scope and is governed by a separate DPA or Data Access Addendum defining the purpose, data categories, duration, and security measures.

4. Data Collected and Minimization

1. The CLI Plugin transmits to the Server two distinct streams of data:
   • Activity Data — invocation metadata: timestamps, command and subcommand names, argument shape (flag and subcommand names; the CLI Plugin does not automatically redact flag values, so the Customer must ensure secrets are not passed as flag values), exit codes, durations, OS and shell versions, CLI Plugin version, technical device/session identifiers, and other items described in Appendix A.
   • Prompt Content — the text and structured input that the User deliberately supplies to the CLI Plugin (command arguments where applicable, stdin payloads, prompt files, AI prompts) and any responses generated by the Server that the CLI Plugin returns to the User.
2. The User and the Customer acknowledge and agree that Prompt Content is content (not metadata) and is transmitted to and processed by the Server as a necessary part of the CLI Plugin's intended functionality. The Customer is solely responsible for ensuring that no material submitted as Prompt Content violates law, third-party rights, confidentiality obligations, or internal data classification rules.
3. The CLI Plugin does not automatically harvest:
   • the contents of files in the working directory that the User has not explicitly referenced as input;
   • environment variables (other than those expressly listed in CLI Plugin documentation as required for operation);
   • operating-system secret stores, credential managers, or token vaults beyond what is needed to authenticate to the Server;
   • source-code repositories or binary artifacts not explicitly passed as input.
4. The CLI Plugin does not perform automatic redaction of secrets in command arguments, Prompt Content, or any other User-supplied input. Material that the User submits — including, by mistake, credentials or tokens — is transmitted to the Server as is. The Customer must train Users not to embed secrets in Prompt Content or in command arguments, and must use the documented authentication mechanisms (which transmit credentials only over secure channels and do not place them in Activity Data) rather than passing credentials as ad-hoc arguments.
5. The Customer must ensure that processing is lawful under labor, privacy, intellectual property, and other applicable laws (for example employee notices, consent where required, local restrictions). PanDev is not responsible for the Customer's compliance with employee monitoring requirements or for the lawfulness of the Prompt Content submitted by Users.

5. Offline Cache and Deferred Delivery

1. If the Server is temporarily unavailable, the CLI Plugin stores Activity Data and Prompt Content in a temporary local cache and automatically delivers them once connectivity is restored.
2. By default the local cache is not limited by volume or retention period and cannot be configured within the CLI Plugin.
3. The cache may be cleared automatically when signing out or switching users. Clearing the cache may cause unrecoverable loss of undelivered events and prompts.
4. The Customer accepts the risk of losing some events or Prompt Content due to prolonged Server downtime, environment errors, user-driven data deletion, or device security policies.

6. Transmission and Storage Security

1. Data is transmitted via TLS 1.2 or higher with host verification.
2. The CLI Plugin stores its local cache and authentication tokens within the User's profile directory under the access rights of the current operating-system user account. Beyond filesystem access controls provided by the operating system, the CLI Plugin does not apply additional at-rest encryption to the cache or to tokens.
3. Because Prompt Content may contain sensitive business logic, source-code fragments, or proprietary information that the User chooses to submit, and because the cache and tokens are not additionally encrypted at rest, the Customer must (a) install the CLI Plugin only on devices with full-disk encryption (for example BitLocker on Windows), (b) enforce screen lock, per-User operating-system accounts, and timely sign-out on shared workstations, and (c) train Users not to embed secrets, credentials, or material the Customer is not entitled to disclose in Prompt Content or in command arguments.
4. PanDev may publish checksums for distribution archives so that the Customer can verify integrity prior to installation. The CLI Plugin may not currently carry a code-signing certificate; the Customer's environment may therefore display platform warnings (for example Microsoft Defender SmartScreen on Windows) when running an unsigned binary, and the Customer is responsible for the installation and code-execution policies of its environment.
5. PanDev is not responsible for data compromise caused by user tampering with system settings or registries, by disabling operating-system protections (full-disk encryption, account isolation), or by allowing other processes running under the same operating-system user account to read the cache or tokens.

7. Diagnostic Telemetry of the CLI Plugin

1. In addition to Activity Data and Prompt Content, the CLI Plugin may collect anonymized diagnostic telemetry (state, crashes, versions, performance) to improve quality.
2. In on-prem mode diagnostic telemetry is not used. In SaaS mode anonymized diagnostic telemetry may be transmitted.
3. Diagnostic Telemetry never includes Prompt Content or the substantive output returned to the User.

8. Third-Party Components and Open Licenses

1. The CLI Plugin may include third-party components distributed under their respective licenses. The list and terms are available in the NOTICE file or the pandev licenses subcommand of the CLI Plugin.
2. The terms of such components govern to the extent of any conflict, and take priority over this Agreement where required.

9. Intellectual Property and Trademarks

1. The CLI Plugin is licensed, not sold. All rights, title, and interest in the CLI Plugin, including source code, design, databases, documentation, trade names, marks, and logos of PanDev, belong to the Licensor and/or its licensors. No rights are granted by implication beyond those expressly stated in Section 2.
2. Use of trademarks is permitted only for fair identification of the CLI Plugin and does not grant ownership, registration, licensing, or disposition rights to those marks.
3. White-label/Co-branding. The Licensor may, under a separate agreement and subject to PanDev brand guidelines, grant the Customer a limited, non-exclusive, non-transferable, and revocable license to use certain PanDev designations, names, and visual elements solely for co-branding the CLI Plugin or its terminal output. This license does not transfer any brand rights and terminates upon breach or revocation by the Licensor.
4. The Customer must not remove, modify, or obscure copyright notices, trademark notices, or other intellectual property notices in the CLI Plugin or its output.

10. Feedback

1. The Customer and/or Users may provide the Licensor with ideas, comments, and other materials about improvements to the CLI Plugin or the Services (the "Feedback").
2. By providing Feedback, the Customer grants the Licensor a free, non-exclusive, perpetual, irrevocable, worldwide license to use, reproduce, modify, publish, distribute, and incorporate the Feedback into the Licensor's products and services without any obligation to attribute or compensate. The Licensor is not obliged to review, implement, or respond to Feedback.

11. Updates, Compatibility, and Version Pinning

1. PanDev may release updates, including those that change cache or delivery behavior, prompt-redaction rules, or telemetry composition.
2. The Customer may disable automatic updates and pin a specific version of the CLI Plugin, accepting the associated security and compatibility risks.
3. Critical security patches may be marked as mandatory to install.

12. Warranties and Liability

1. The CLI Plugin is provided "AS IS" without any express or implied warranties, including merchantability, fitness for a particular purpose, or non-infringement. PanDev is not liable for losses resulting from the use of unofficial CLI Plugin builds or modifications, or from the use of third-party software or non-standard versions that may affect CLI Plugin performance.
2. To the maximum extent permitted by law, PanDev is not liable for any indirect, special, punitive, incidental damages, lost profits, data loss, or claims by the Customer's employees arising from monitoring their activity or from the contents of Prompt Content they submitted.
3. PanDev's aggregate liability under this Agreement is limited to ten (10) US dollars or the amount paid by the Customer for CLI Plugin licenses during the last three (3) months (if any fees apply), whichever is greater. Liability for the Services is governed by the applicable ToS and/or DPA.

13. Term and Termination

1. This Agreement becomes effective when the CLI Plugin is installed and remains in force until the Customer removes the CLI Plugin or the Licensor terminates it under the terms of this Agreement.
2. The Licensor may terminate the license unilaterally if the Customer materially breaches the Agreement. The Customer must immediately stop using and delete all copies of the CLI Plugin upon termination.
3. Termination does not affect the provisions on intellectual property, disclaimers, liability limitations, governing law, or jurisdiction, all of which survive termination.

14. Export Control and Sanctions

1. The parties will comply with applicable export control regimes and economic sanctions. The Customer confirms that it is not subject to sanctions and will not use the CLI Plugin in sanctioned jurisdictions in violation of law.

15. Governing Law, Jurisdiction, and Language

1. This Agreement is governed by the laws of Kazakhstan, and disputes are subject to the competent courts of that jurisdiction.
2. The United Nations Convention on Contracts for the International Sale of Goods (CISG) does not apply.
3. In case of interpretation issues, the Russian version prevails.
4. PanDev may update this Agreement. Continued use of the CLI Plugin after notice constitutes acceptance of the updated version. If you do not agree, remove the CLI Plugin.

16. Miscellaneous

1. This Agreement is intended solely for B2B use. The parties confirm that they act in the course of business and are not consumers. To the fullest extent permitted by law, consumer protection statutes do not apply.
2. If any mandatory consumer law provision applies contrary to the parties' intent, it applies only to the minimum extent required and does not affect the validity of the remaining terms.
3. Invalidity of a particular provision does not render the Agreement invalid as a whole.
4. Failure to enforce any right does not constitute a waiver.
5. The parties recognize the legal force of the Agreement and acceptance in electronic form.

---

Appendix A. Data Categories and Default Exclusions

Activity Data (metadata): event timestamps; CLI Plugin command and subcommand names; argument shape (flag and subcommand names; flag values may be recorded as the User typed them — the CLI Plugin does not automatically redact secret values); exit codes; invocation duration; CLI Plugin, shell, and OS versions; Windows build identifier; hostname hash; technical device/session identifiers; tenant/organization identifier in PanDev.

Prompt Content (content deliberately submitted by the User): CLI command input and prompts, including stdin payloads, prompt files explicitly passed as input, AI prompts, and User-provided text. Prompt Content is transmitted to the Server as part of the CLI Plugin's intended functionality.

Diagnostic Telemetry: CLI Plugin internal state, crash reports without Prompt Content, performance counters, version manifests. Not collected in on-prem mode.

Default exclusions (not automatically harvested): contents of files in the working directory that are not explicitly referenced as input; environment variables not listed as required for operation; OS secret stores beyond authentication scope; source-code repositories and binary artifacts not explicitly passed as input. Patterns such as **/secrets/**, **/*.key, **/.env*, **/node_modules/**, and directories containing confidential materials are excluded from any default file-attachment behavior.

No automatic secret redaction: the CLI Plugin does not automatically remove secrets from command arguments, Prompt Content, or any other User-supplied input. The Customer is responsible for training Users and configuring its environment so that secrets are not passed as command arguments or embedded in Prompt Content.

---

Contacts

Licensor: PanDev LLP
Office: 050057, Republic of Kazakhstan, Almaty, 124 Gagarin Ave.
Support: support@pandev.io