Use Claude to read NOTICE files, flag GPL contamination, and draft compliance reports.
11 min · Reviewed 2026
The premise
AI can summarize license obligations and flag risky transitive deps, but legal sign-off stays human.
What AI does well here
Summarize obligations of each license in your dep tree.
Flag copyleft contamination risk via transitive imports.
Draft NOTICE and ATTRIBUTIONS files.
What AI cannot do
Provide legal advice on dual-licensed or unusual licenses.
Detect contractual obligations outside the license text.
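The two scanning steps above, grouping each dependency's license into an obligation tier and recursing the full tree so a clean direct dependency cannot hide an AGPL import, as an added example that is not the lesson's own tooling; the dependency graph, license map and tier membership are constructed assumptions, and anything the tier table does not recognise is flagged for a human rather than guessed.

```python
"""Dependency-tree license scan: classify each package's license into an
obligation tier and report every import path that pulls in a copyleft or
unrecognised license. Added illustration; the graph and license map below
are constructed sample data, not output of any real package manager."""
from collections import deque

# Obligation tiers as grouped in the lesson. Membership is an assumption
# kept deliberately small; a real scan would use a full SPDX mapping.
TIERS = {
    "MIT": "permissive", "BSD-3-Clause": "permissive", "Apache-2.0": "permissive",
    "LGPL-2.1": "weak copyleft", "MPL-2.0": "weak copyleft",
    "GPL-3.0": "strong copyleft", "AGPL-3.0": "strong copyleft",
}
FLAGGED_TIERS = {"weak copyleft", "strong copyleft", "needs review"}

def tier_of(license_id):
    """Unknown, dual or unusual licenses are a finding for legal review, not a guess."""
    return TIERS.get(license_id, "needs review")

def find_flagged_paths(root, deps, licenses):
    """Breadth-first walk of the whole tree (not just direct deps). Returns,
    per flagged package, the shortest import chain from root that reaches it."""
    paths, seen, queue = {}, {root}, deque([(root, [root])])
    while queue:
        pkg, path = queue.popleft()
        for child in deps.get(pkg, []):
            child_path = path + [child]
            if tier_of(licenses.get(child, "UNKNOWN")) in FLAGGED_TIERS:
                paths.setdefault(child, child_path)  # keep first (shortest) chain
            if child not in seen:
                seen.add(child)
                queue.append((child, child_path))
    return paths

def report(root, deps, licenses):
    """Human-readable lines: license (tier): root -> ... -> package."""
    lines = []
    for pkg, path in sorted(find_flagged_paths(root, deps, licenses).items()):
        lic = licenses.get(pkg, "UNKNOWN")
        lines.append(f"{lic} ({tier_of(lic)}): " + " -> ".join(path))
    return lines

# Constructed sample: the MIT direct dependency drags in AGPL two hops down,
# and a second direct dependency is weak copyleft.
SAMPLE_DEPS = {"myapp": ["webkit-lite", "logger"], "webkit-lite": ["fastjson"],
               "fastjson": ["netcore"], "logger": []}
SAMPLE_LICENSES = {"webkit-lite": "MIT", "fastjson": "BSD-3-Clause",
                   "netcore": "AGPL-3.0", "logger": "LGPL-2.1"}

if __name__ == "__main__":
    print("\n".join(report("myapp", SAMPLE_DEPS, SAMPLE_LICENSES)))
```

The report only surfaces paths and tiers; whether a given chain actually triggers a source-release obligation (linking, distribution, network use) is the legal question the lesson leaves to a human.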
End-of-lesson check
15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-ai-coding-AI-license-compliance-scan-creators
A project has a direct dependency under the MIT license, but that dependency imports another library under the AGPL license. What term best describes this situation?
Direct license violation
Copyleft contamination
License normalization
Permissive override
Which license obligation tier would typically require you to release source code only if you modify the licensed code itself, but not if you simply use it?
Strong copyleft
Restrictive
Permissive
Weak copyleft
Why must compliance checking recurse the full dependency tree rather than only examining direct dependencies?
License files are only stored in transitive dependencies
A clean direct dependency can pull AGPL or GPL through a chain of transitive imports
Direct dependencies are always compliant by definition
AI tools cannot read metadata from direct dependencies
What type of file can AI assistance help generate as part of the compliance process?
Binary release packages
Compiler configuration files
NOTICE and ATTRIBUTIONS files
Source code comments
When grouping dependencies by obligation tier, which category would include the MIT and BSD licenses?
Strong copyleft
Restrictive
Permissive
Weak copyleft
A project uses a library licensed under the GPL. Under strong copyleft terms, what typically happens if you distribute your software?
You must release your entire project's source code under GPL terms
You need to do nothing special
You must only pay a fee to the original authors
You must delete all code and stop distributing
What does 'transitive import' refer to in the context of dependency management?
License text imported into NOTICE files
Import statements in your own source code
The act of copying code into your project
Dependencies pulled in by your direct dependencies
Why is it important to flag 'risky transitives' during compliance scanning?
AI cannot read transitive dependency metadata
Transitive dependencies are never important for compliance
Some transitive dependencies may introduce restrictive or copyleft licenses that create legal obligations
Transitive dependencies always cause compilation errors
Which task represents the strongest practical use of AI in the license compliance workflow described?
Signing off on compliance documentation
Negotiating license terms with third parties
Summarizing obligations of each license in your dependency tree
Rendering final legal judgments about license compatibility
What type of license would typically be classified as 'restrictive' in the obligation tier system?
MIT
Proprietary with specific usage restrictions
GPL
BSD
A developer adds a new dependency to their project. What should the compliance process include before finalizing the addition?
Skipping compliance if the dependency is popular
Only checking the direct dependency's license
Checking the full dependency tree including all transitive dependencies
Assuming all popular dependencies are properly licensed
What makes the AGPL license particularly risky from a contamination perspective?
It only applies to direct dependencies
It has stronger copyleft terms than standard GPL, extending to network use
It is no longer a valid license
It requires payment for commercial use
In the context of license compliance, what distinguishes what AI 'does well' from what it 'cannot do'?
AI can summarize and flag based on patterns but cannot provide legal advice or detect obligations outside license text
AI can compile projects but cannot analyze dependencies
AI can read code but cannot read license files
AI can analyze text but cannot connect to the internet
Which view of "AI-Assisted Open-Source License Compliance" is most consistent with a balanced take?
The ideas only matter for one specific industry.
Only people with PhDs can apply the ideas correctly.
It is impossible to do anything useful with the topic.
It is a real, useful skill worth learning carefully.
Which captures a genuine tradeoff to weigh when applying these ideas?
Convenience and depth are guaranteed to grow together.
There is never any tradeoff between speed and learning.
Speed and convenience can come at the cost of depth, ownership, or skill-building.