---
description: "Centralized disclaimer language for AI-assisted planning and review agents requiring professional review acknowledgment"
applyTo: '**/.copilot-tracking/rai-plans/**, **/.copilot-tracking/rai-reviews/**, **/.copilot-tracking/security-plans/**, **/.copilot-tracking/sssc-plans/**, **/.copilot-tracking/adr-plans/**, **/.copilot-tracking/dt/**, **/docs/planning/adrs/**, **/.copilot-tracking/reviews/code-reviews/**, **/.copilot-tracking/security/**, **/.copilot-tracking/accessibility/**, **/.copilot-tracking/prd-sessions/**, **/.copilot-tracking/brd-sessions/**, **/.copilot-tracking/documentation/**'
---

# Disclaimer Language

Planning and review agents that generate assessments or findings requiring professional review display a CAUTION block during startup or when presenting results. Each section contains the verbatim disclaimer for the corresponding planner or review family. Prompt files and agents reference the appropriate section via `#file:` to ensure consistent presentation across all entry points.

<!--
Authoring contract (parsed by scripts/linting/Validate-PlannerArtifacts.ps1):

- Each planner or review family gets exactly one H2 section. The first whitespace-delimited word of the heading, lowercased, is the slug. Examples: "RAI Planning" -> "rai"; "Security Planning" -> "security"; "SSSC Planning" -> "sssc"; "Code-Review" -> "code-review". Hyphenated headings yield a single-token slug because the hyphen is not whitespace.
- The slug derives three downstream identifiers used by ai-artifact footer validation:
  - planner key: `{slug}-planner`
  - disclaimer id: `{slug}-full-disclaimer`
  - disclaimer label: `{heading} Disclaimer` (full heading, not slug)
- Each H2 section must contain exactly one `> [!CAUTION]` blockquote. Only the first CAUTION block in a section is extracted; additional CAUTION blocks within the same H2 are ignored.
- The CAUTION block's prose should begin with `**Disclaimer:**` (the trailing colon is optional). This prefix is stripped before the text is matched against artifact footers; prose without it is retained verbatim.
- Multi-line blockquote prose is joined with single spaces. Keep wrapping natural for source readability.
-->


## RAI Planning

> [!CAUTION]
> **Disclaimer:** This agent is an assistive tool only. It does not provide legal, regulatory, or compliance advice and does not replace Responsible AI review boards, ethics committees, legal counsel, compliance teams, or other qualified human reviewers. The output consists of suggested actions and considerations to support a user's own internal review and decision‑making. All RAI assessments, risk classification screenings, security models, and mitigation recommendations generated by this tool must be independently reviewed and validated by appropriate legal and compliance reviewers before use. Outputs from this tool do not constitute legal approval, compliance certification, or regulatory sign‑off.

## Security Planning

> [!CAUTION]
> **Disclaimer:** This agent is an assistive tool only. It does not provide legal, regulatory, or compliance advice and does not replace professional security review boards, penetration testing teams, compliance auditors, legal counsel, or other qualified human reviewers. The output consists of suggested actions and considerations to support a user's own internal security review and decision‑making. All security plans, threat models, security models, and mitigation recommendations generated by this tool must be independently reviewed and validated by appropriate security and compliance reviewers before use. Outputs from this tool do not constitute security approval, compliance certification, or regulatory sign‑off.

## SSSC Planning

> [!CAUTION]
> **Disclaimer:** This agent is an assistive tool only. It does not provide legal, regulatory, or compliance advice and does not replace professional supply chain security review boards, OpenSSF Scorecard evaluators, SLSA auditors, legal counsel, or other qualified human reviewers. The output consists of suggested actions and considerations to support a user's own internal supply chain security review and decision‑making. All supply chain assessments, gap analyses, backlog items, and mitigation recommendations generated by this tool must be independently reviewed and validated by appropriate security and compliance reviewers before use. Outputs from this tool do not constitute security approval, compliance certification, or regulatory sign‑off.

## ADR Planning

> [!CAUTION]
> **Disclaimer:** This agent is an assistive tool only. It does not provide legal, regulatory, architectural, or compliance advice and does not replace architecture review boards, design authorities, technical leadership, legal counsel, or other qualified human reviewers. The output consists of suggested decisions, considered options, consequences, and lineage metadata to support a user's own architecture decision-making. All Architecture Decision Records, supersession lineage, ASR trigger evaluations, and handoff work items generated by this tool must be independently reviewed and validated by appropriate architecture and engineering reviewers before adoption. Outputs from this tool do not constitute architectural approval, design sign-off, or compliance certification.

## PRD Requirements Planning

> [!CAUTION]
> **Disclaimer:** This agent is an assistive tool only. It does not provide product management approval, technical feasibility validation, or business sign-off and does not replace product managers, engineering leads, business stakeholders, or other qualified human reviewers. The output consists of suggested requirements, acceptance criteria, and product specifications to support a user's own product planning and decision-making. All Product Requirements Documents, functional requirements, non-functional requirements, and constraint definitions generated by this tool must be independently reviewed and validated by appropriate product and engineering reviewers before adoption. Outputs from this tool do not constitute product approval, requirements sign-off, or engineering commitment.

## BRD Requirements Planning

> [!CAUTION]
> **Disclaimer:** This agent is an assistive tool only. It does not provide business approval, regulatory compliance validation, or executive sign-off and does not replace business analysts, stakeholder representatives, compliance teams, or other qualified human reviewers. The output consists of suggested business requirements, objectives, and scope definitions to support a user's own business analysis and decision-making. All Business Requirements Documents, business objectives, stakeholder analysis, and requirement traceability generated by this tool must be independently reviewed and validated by appropriate business and compliance reviewers before adoption. Outputs from this tool do not constitute business approval, requirements sign-off, or stakeholder commitment.

## Design Thinking Coaching

> [!CAUTION]
> **Disclaimer:** This agent is an assistive coaching tool only. It does not conduct user research, observe stakeholders, or speak for the people whose problems you are designing for, and it does not replace primary research, direct stakeholder contact, design review, or product and strategy decision authority. Personas, problem statements, journey maps, empathy maps, concept tests, and other Design Thinking artifacts produced with this tool are scaffolding for your own research and synthesis — not substitutes for real stakeholder voice or observed behavior. Validate all AI-generated assumptions, personas, themes, and insights against actual stakeholders before treating any Design Thinking artifact as a basis for product, design, or strategy commitments. Outputs from this tool do not constitute validated research findings or design approval.

## Code-Review

> [!CAUTION]
> **Disclaimer:** This agent is an assistive review tool only. It does not provide engineering sign-off, security certification, or compliance approval and does not replace qualified human code review, security review boards, or other professional reviewers. The output consists of AI-assisted findings, observations, and suggested remediations to support a reviewer's own analysis and decision-making. All code-review findings — including functional, standards, and accessibility observations — generated by this tool must be independently reviewed and validated by a qualified human reviewer before acting on them, merging changes, or treating any finding as resolved. Outputs from this tool do not constitute engineering approval, merge authorization, or compliance certification.

## Security-Review

> [!CAUTION]
> **Disclaimer:** This agent is an assistive review tool only. It does not provide legal, regulatory, or compliance advice and does not replace professional security review boards, penetration testing teams, compliance auditors, or other qualified human reviewers. The output consists of AI-assisted findings, risk observations, and suggested remediations to support a reviewer's own security analysis and decision-making. All security-review findings, vulnerability assessments, and remediation recommendations generated by this tool must be independently reviewed and validated by a qualified security reviewer before acting on them or treating any finding as resolved. Outputs from this tool do not constitute security approval, compliance certification, or regulatory sign-off.

## Accessibility-Review

> [!CAUTION]
> **Disclaimer:** This agent is an assistive review tool only. It does not provide accessibility conformance certification or legal compliance sign-off and does not replace professional accessibility audits, assistive-technology user testing, or other qualified human reviewers. The output consists of AI-assisted findings, success-criteria observations, and suggested remediations to support a reviewer's own accessibility analysis and decision-making. All accessibility-review findings, conformance assessments, and remediation recommendations generated by this tool must be independently reviewed and validated by a qualified accessibility reviewer before acting on them or treating any finding as resolved. Outputs from this tool do not constitute accessibility conformance certification or legal compliance sign-off.

## Canonical session-state fields consumed by this disclaimer protocol

Planning and coaching agents that adopt this disclaimer protocol persist acknowledgment in their session state file (`state.json` for planners; `coaching-state.md` YAML for the DT Coach). The following field is required:

- `disclaimerShownAt` — ISO 8601 timestamp recording when the disclaimer was shown to the user. Set to `null` until shown; once shown, set to the timestamp and never overwritten.
