SQLite just became the first major open-source project to formalize rules for agent-generated contributions. The new AGENTS.md file and separate Bug Forum show how maintainers can accept high-volume AI submissions without drowning in noise or losing control of their codebase.
The policy draws a clear line. Agentic bug reports with reproducible test cases are welcome. Agentic code is not accepted, period. The recent commit removed “(currently)” from that statement with the message “Strengthen the statement about not accepting agentic code” (commit hash visible in the AGENTS.md history), signaling this is permanent policy, not a temporary stance.
The Public Domain Barrier
SQLite requires all contributions to be placed in the public domain. This creates a legal barrier that agents cannot navigate without human intervention.
The policy states: “SQLite does not accept pull requests without prior agreement and/or accompanying legal paperwork that places the pull request in the public domain.”
An agent can generate code, but it cannot sign legal documents or make binding commitments about intellectual property. The human operator must:
- Review the generated code
- Understand the licensing implications
- Sign paperwork affirming public domain dedication
- Take legal responsibility for the contribution
This requirement forces a human checkpoint into the pipeline. Even if an agent produces perfect code, the submission process requires human judgment and legal accountability.
Bug Reports vs. Code Contributions
SQLite draws a clear line between two types of agentic output:
Accepted: Bug reports with reproducible test cases
- Agents can file issues in the new Bug Forum
- Must include steps to reproduce
- Can include proof-of-concept patches for documentation purposes
- Human maintainers review and reimplement fixes
Rejected: Direct code contributions
- No agentic pull requests
- No agent-written patches intended for merging
- Human developers may review agentic PRs as proof-of-concept, then reimplement
The trust boundary is implementation. SQLite will accept an agent’s analysis of a problem and even a demonstration of a fix, but the actual code that ships must be written by a human who understands the codebase, the test suite, and the implications.
Bug Forum Architecture
The flood of AI-generated bug reports forced SQLite to create dedicated infrastructure. The new Bug Forum separates agentic submissions from the main development discussion.
This architectural split serves multiple purposes:
- Triage at scale: Maintainers can batch-process AI reports without cluttering main channels
- Signal filtering: Human-written issues stay in the primary forum
- Quality variance: AI reports range from excellent to nonsense; isolation contains the noise
- Maintainer sanity: D. Richard Hipp can work through the queue systematically
The forum shows active use. Hipp has been resolving issues from the new forum with commits to the codebase, meaning the agentic reports are finding real bugs. The system works because it separates discovery (agents can help) from implementation (humans must do).
Trade-offs in Agentic Contribution Policies
| Aspect | SQLite Implementation | Outcome |
|---|---|---|
| Bug discovery | Dedicated Bug Forum accepts all reports with reproducible test cases | D. Richard Hipp actively resolving issues with commits; high volume but real signal |
| Code quality control | Human maintainers review agentic PRs as proof-of-concept only, then reimplement | Preserves SQLite code quality standards and architectural coherence |
| Legal liability | Public domain requirement blocks direct agentic contributions | Forces human legal accountability; agent cannot sign paperwork |
| Maintainer workload | Separate forum isolates agentic noise from main development channels | Hipp can batch-process without disrupting core team workflow |
| Community trust | Explicit “does not accept agentic code” policy in AGENTS.md | Maintains reputation for human-crafted, expert-reviewed codebase |
SQLite’s Actual Policy Structure
Here is the core of SQLite’s AGENTS.md file:
SQLite does not accept pull requests without prior agreement and/or
accompanying legal paperwork that places the pull request in the
public domain.
However, the human SQLite developers will review a concise and
well-written pull request as a proof-of-concept prior to
reimplementing the changes themselves.
SQLite does not accept agentic code.
However the project will accept agentic bug reports that include
a reproducible test case. Patches or pull requests demonstrating
a possible fix, for documentation purposes, are welcomed.The policy relies on three enforcement layers:
- Legal: Public domain requirement cannot be satisfied by an agent
- Architectural: Separate Bug Forum channels agentic submissions away from main development
- Social: Explicit policy statement sets expectations for agent operators
Recognizing Agentic Bug Reports
SQLite does not define detection criteria explicitly, but the Bug Forum activity shows patterns. D. Richard Hipp triages based on:
- Presence of reproducible test case (required)
- Clarity of expected vs. actual behavior
- Minimal example code (not application dumps)
- Real-world impact vs. theoretical edge case
The forum accepts high volume because the triage cost is offset by discovering real bugs. Hipp’s commit activity shows he validates each report and implements fixes for legitimate issues, ignoring noise.
Failure Modes This Policy Prevents
Legal contamination: Without clear public domain dedication, agentic code could introduce licensing ambiguity. If the agent trained on GPL code and generated a similar pattern, who is liable?
Quality drift: Accepting agentic code directly would pressure maintainers to review at agent speed, not human comprehension speed. The reimplement-after-review model preserves deliberate craftsmanship.
Trust erosion: Users trust SQLite because experts wrote it. Allowing agentic contributions without disclosure would undermine that trust, even if the code is correct.
Maintenance burden: Agentic code often works for the test case but breaks in adjacent scenarios. Human reimplementation catches these issues before they ship.
Technical Verdict
Use this pattern when:
- Your project has clear licensing requirements (public domain, CLA, DCO)
- You can dedicate infrastructure to triage agentic submissions
- Bug discovery matters more than perfect signal-to-noise
- You have maintainer capacity to review and reimplement
Avoid this pattern when:
- You lack bandwidth to process high-volume reports
- Your project is early-stage and needs focused human feedback
- Licensing is ambiguous or you accept contributions under multiple licenses
- You cannot communicate the policy to agent operators
SQLite’s approach works because the project is mature, the maintainers are experienced, and the public domain requirement creates a natural checkpoint. Smaller projects might start with a simpler rule: “No agentic contributions until we have dedicated triage infrastructure.”
As more projects adopt AGENTS.md files, agent developers will need to respect these boundaries or risk being blocked entirely. The policy is not anti-AI; it is pro-maintainer-sanity and pro-code-quality. SQLite has set a precedent by formalizing what many maintainers were already doing informally: accepting agentic analysis while requiring human implementation.