npm - @open-agreements/open-agreements - Versions diffs - 0.2.2 → 0.3.0 - Mend

@open-agreements/open-agreements 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (143) hide show

package/README.md CHANGED Viewed

@@ -280,6 +280,36 @@ Vercel deploy notes:
 - Keep project root as repo root
 - The included `vercel.json` deploys `_site/` as static output
+## Compliance & Audit Skills
+Open Agreements includes AI agent skills for ISO 27001 and SOC 2 compliance work. These are markdown-only procedural skills — no scripts executed, no secrets required, evidence stays local. Developed with [Hazel Castro](https://internalisoaudit.com) (ISO 27001 Lead Auditor, 14+ years, 100+ audits).
+### ISO 27001 Evidence Collection
+Collect, organize, and validate evidence for ISO 27001 and SOC 2 audits. API-first approach with CLI commands for major cloud platforms. Produces timestamped, auditor-ready evidence packages.
+```bash
+npx skills add open-agreements/open-agreements --skill iso-27001-evidence-collection
+```
+### ISO 27001 Internal Audit
+Run a structured internal audit against ISO 27001:2022. Walk through controls by domain, identify gaps, collect evidence, and generate findings with corrective action recommendations.
+```bash
+npx skills add open-agreements/open-agreements --skill iso-27001-internal-audit
+```
+### SOC 2 Readiness
+Assess SOC 2 Type II readiness. Map Trust Services Criteria to controls, identify gaps, and build a prioritized remediation plan with NIST SP 800-53 cross-mapping.
+```bash
+npx skills add open-agreements/open-agreements --skill soc2-readiness
+```
+All three skills use NIST SP 800-53 (public domain) as their canonical reference. Browse the full skill catalog at [skills.sh/open-agreements](https://skills.sh/open-agreements).
 ## Optional Content Roots (Future-Proofing)
 To support logical unbundling as form libraries grow, `open-agreements` can load content from additional roots via:

package/content/templates/closing-checklist/template.docx CHANGED Viewed

Binary file

package/content/templates/common-paper-ai-addendum/README.md CHANGED Viewed

@@ -17,6 +17,24 @@ An AI addendum based on [Common Paper's](https://commonpaper.com) standard terms
 | `ai_policy_reference` | string | no | Reference to AI usage policy |
 | `additional_terms` | string | no | Additional AI-specific terms |
+### Signature Block
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `provider_signatory_type` | enum (`entity` / `individual`) | no | Whether the Provider signatory is an entity or individual (default: `entity`) |
+| `provider_signatory_name` | string | no | Full legal name of the Provider's signatory |
+| `provider_signatory_title` | string | no | Title/role of the Provider's signatory (entity only) |
+| `provider_signatory_company` | string | no | Company name for the Provider signatory (entity only) |
+| `provider_signatory_email` | string | no | Notice email address for the Provider |
+| `customer_signatory_type` | enum (`entity` / `individual`) | no | Whether the Customer signatory is an entity or individual (default: `entity`) |
+| `customer_signatory_name` | string | no | Full legal name of the Customer's signatory |
+| `customer_signatory_title` | string | no | Title/role of the Customer's signatory (entity only) |
+| `customer_signatory_company` | string | no | Company name for the Customer signatory (entity only) |
+| `customer_signatory_email` | string | no | Notice email address for the Customer |
+> **Note:** `*_title` and `*_company` are only rendered when the corresponding `*_type` is `entity` (default). When set to `individual`, those cells are left blank even if values are provided.
 ## Attribution
 Based on the Common Paper AI Addendum, available at https://commonpaper.com.

package/content/templates/common-paper-ai-addendum/metadata.yaml CHANGED Viewed

@@ -26,6 +26,142 @@ fields:
     type: string
     description: Additional AI-specific terms
     section: Legal
+  - name: training_data_none
+    type: boolean
+    description: No Training Data types selected
+    section: AI Training
+  - name: training_data_usage
+    type: boolean
+    description: Usage Data is Training Data
+    section: AI Training
+  - name: training_data_feedback
+    type: boolean
+    description: Feedback is Training Data
+    section: AI Training
+  - name: training_data_input
+    type: boolean
+    description: Input is Training Data
+    section: AI Training
+  - name: training_data_output
+    type: boolean
+    description: Output is Training Data
+    section: AI Training
+  - name: training_data_prompts
+    type: boolean
+    description: User prompts (excluding other Input) are Training Data
+    section: AI Training
+  - name: training_data_customer_content
+    type: boolean
+    description: Customer Content is Training Data
+    section: AI Training
+  - name: training_data_additional
+    type: boolean
+    description: Additional Training Data types apply
+    section: AI Training
+  - name: model_training_none
+    type: boolean
+    description: No model training permitted
+    section: AI Training
+  - name: model_training_customer_only
+    type: boolean
+    description: Model training solely for Customer benefit
+    section: AI Training
+  - name: training_data_aggregated
+    type: boolean
+    description: Training Data must be aggregated
+    section: AI Training
+  - name: training_data_deidentified
+    type: boolean
+    description: Training Data must be de-identified
+    section: AI Training
+  - name: training_data_best_effort_deidentify
+    type: boolean
+    description: Provider will use commercially reasonable efforts to de-identify Training Data
+    section: AI Training
+  - name: training_requirements_additional
+    type: boolean
+    description: Additional Training Data requirements apply
+    section: AI Training
+  - name: no_customer_identification
+    type: boolean
+    description: Neither Input nor Output may identify Customer
+    section: AI Output
+  - name: improvements_for_customer_only
+    type: boolean
+    description: Improvements from Customer data solely for Customer benefit
+    section: AI Output
+  - name: output_restrictions_additional
+    type: boolean
+    description: Additional output restrictions apply
+    section: AI Output
+  - name: ai_provider_covered_claims
+    type: boolean
+    description: Provider AI-specific Covered Claims apply
+    section: AI Liability
+  - name: provider_covered_claims_detail
+    type: string
+    description: Detail of Provider Covered Claims describing Output IP infringement provisions
+    section: AI Liability
+  - name: provider_covered_claims_exclusions
+    type: string
+    description: Provider Covered Claims indemnity exclusions (e.g. combined use, Input, breach, modifications)
+    section: AI Liability
+  - name: customer_covered_claims_detail
+    type: string
+    description: Detail of Customer Covered Claims describing IP infringement and usage violation provisions
+    section: AI Liability
+  - name: ai_customer_covered_claims
+    type: boolean
+    description: Customer AI-specific Covered Claims apply
+    section: AI Liability
+  - name: provider_signatory_type
+    type: enum
+    description: Whether the Provider signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: provider_signatory_name
+    type: string
+    description: Full legal name of the Provider's signatory
+    section: Signature Block
+  - name: provider_signatory_title
+    type: string
+    description: Title/role of the Provider's signatory (entity only)
+    section: Signature Block
+  - name: provider_signatory_company
+    type: string
+    description: Company name for the Provider signatory (entity only)
+    section: Signature Block
+  - name: provider_signatory_email
+    type: string
+    description: Notice email address for the Provider
+    section: Signature Block
+  - name: customer_signatory_type
+    type: enum
+    description: Whether the Customer signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: customer_signatory_name
+    type: string
+    description: Full legal name of the Customer's signatory
+    section: Signature Block
+  - name: customer_signatory_title
+    type: string
+    description: Title/role of the Customer's signatory (entity only)
+    section: Signature Block
+  - name: customer_signatory_company
+    type: string
+    description: Company name for the Customer signatory (entity only)
+    section: Signature Block
+  - name: customer_signatory_email
+    type: string
+    description: Notice email address for the Customer
+    section: Signature Block
 required_fields:
   - company_name
   - agreement_description

package/content/templates/common-paper-ai-addendum/replacements.json ADDED Viewed

@@ -0,0 +1,5 @@
+{
+  "[ that the Output—when generated and used by Customer according to the terms of the Agreement and the AI Addendum—violates, misappropriates, or otherwise infringes upon the intellectual property or other proprietary rights of another person or entity. ": "{provider_covered_claims_detail}",
+  "Without limiting the indemnity exclusions in the Agreement, Provider's obligations as an Indemnifying Party will not apply to Provider Covered Claims that result from: (a) use of Output in combination with data, software, hardware, equipment, technology, or other products or services not provided by Provider; (b) Input; (c) Customer's use of the AI Services in breach of the Agreement or the AI Addendum; (d) modifications to the Output that were not made by Provider; (e) Output that Customer knew or should have known might violate, misappropriate, or otherwise infringe upon another's intellectual property or other proprietary rights; or (f) a claim that use of Output infringes another's trademark or related rights. ]": "{provider_covered_claims_exclusions}",
+  "[ that (1) the Input—when used by Provider according to the terms of the Agreement and the AI Addendum—violates, misappropriates, or otherwise infringes upon the intellectual property or other proprietary rights of another person or entity; or (2) results from Customer's use of the AI Services in violation of the applicable restrictions in the Agreement or the AI Addendum. ]": "{customer_covered_claims_detail}"
+}

package/content/templates/common-paper-ai-addendum/selections.json ADDED Viewed

@@ -0,0 +1,62 @@
+{
+  "groups": [
+    {
+      "id": "training_data_types",
+      "type": "checkbox",
+      "options": [
+        { "marker": "None", "trigger": { "field": "training_data_none" } },
+        { "marker": "Usage Data", "trigger": { "field": "training_data_usage" } },
+        { "marker": "Feedback", "trigger": { "field": "training_data_feedback" } },
+        { "marker": "Input", "trigger": { "field": "training_data_input" } },
+        { "marker": "Output", "trigger": { "field": "training_data_output" } },
+        { "marker": "User prompts, excluding other components of Input", "trigger": { "field": "training_data_prompts" } },
+        { "marker": "Customer Content", "trigger": { "field": "training_data_customer_content" } },
+        { "marker": "{additional_terms}", "trigger": { "field": "training_data_additional" } }
+      ]
+    },
+    {
+      "id": "model_training_scope",
+      "type": "radio",
+      "options": [
+        { "marker": "None", "trigger": { "field": "model_training_none", "equals": true } },
+        { "marker": "Train the Model(s) in the AI Services solely for Customer\u2019s benefit", "trigger": { "field": "model_training_customer_only", "equals": true } },
+        { "marker": "Train the Model(s) in the AI Services", "trigger": "default" }
+      ]
+    },
+    {
+      "id": "training_data_requirements",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Training Data must be aggregated", "trigger": { "field": "training_data_aggregated" } },
+        { "marker": "Training Data must be de-identified", "trigger": { "field": "training_data_deidentified" } },
+        { "marker": "Provider will use commercially reasonable efforts consistent with industry standard technology to de-identify", "trigger": { "field": "training_data_best_effort_deidentify" } },
+        { "marker": "{additional_terms}", "trigger": { "field": "training_requirements_additional" } }
+      ]
+    },
+    {
+      "id": "output_restrictions",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Neither Input nor Output may identify Customer", "trigger": { "field": "no_customer_identification" } },
+        { "marker": "Improvements based on Customer's Input, Output, or Training Data will be solely for Customer's benefit", "trigger": { "field": "improvements_for_customer_only" } },
+        { "marker": "{additional_terms}", "trigger": { "field": "output_restrictions_additional" } }
+      ]
+    },
+    {
+      "id": "ai_covered_claims",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Provider Covered Claims include any action", "trigger": { "field": "ai_provider_covered_claims" } },
+        { "marker": "Customer Covered Claims include any action", "trigger": { "field": "ai_customer_covered_claims" } }
+      ]
+    },
+    {
+      "id": "ai_acceptable_use_policy",
+      "type": "checkbox",
+      "standalone": true,
+      "options": [
+        { "marker": "Use of the AI Services is subject to the Acceptable Use Policy", "trigger": { "field": "ai_policy_reference" } }
+      ]
+    }
+  ]
+}

package/content/templates/common-paper-ai-addendum/template.docx CHANGED Viewed

Binary file

package/content/templates/common-paper-ai-addendum-in-app/metadata.yaml CHANGED Viewed

@@ -18,4 +18,92 @@ fields:
     type: string
     description: Additional AI-specific terms
     section: Legal
+  - name: training_data_none
+    type: boolean
+    description: No Training Data types selected
+    section: AI Training
+  - name: training_data_usage
+    type: boolean
+    description: Usage Data is Training Data
+    section: AI Training
+  - name: training_data_feedback
+    type: boolean
+    description: Feedback is Training Data
+    section: AI Training
+  - name: training_data_input
+    type: boolean
+    description: Input is Training Data
+    section: AI Training
+  - name: training_data_output
+    type: boolean
+    description: Output is Training Data
+    section: AI Training
+  - name: training_data_prompts
+    type: boolean
+    description: User prompts (excluding other Input) are Training Data
+    section: AI Training
+  - name: training_data_customer_content
+    type: boolean
+    description: Customer Content is Training Data
+    section: AI Training
+  - name: training_data_additional
+    type: boolean
+    description: Additional Training Data types apply
+    section: AI Training
+  - name: model_training_none
+    type: boolean
+    description: No model training permitted
+    section: AI Training
+  - name: model_training_customer_only
+    type: boolean
+    description: Model training solely for Customer benefit
+    section: AI Training
+  - name: training_data_aggregated
+    type: boolean
+    description: Training Data must be aggregated
+    section: AI Training
+  - name: training_data_deidentified
+    type: boolean
+    description: Training Data must be de-identified
+    section: AI Training
+  - name: training_data_best_effort_deidentify
+    type: boolean
+    description: Provider will use commercially reasonable efforts to de-identify Training Data
+    section: AI Training
+  - name: training_requirements_additional
+    type: boolean
+    description: Additional Training Data requirements apply
+    section: AI Training
+  - name: no_customer_identification
+    type: boolean
+    description: Neither Input nor Output may identify Customer
+    section: AI Output
+  - name: improvements_for_customer_only
+    type: boolean
+    description: Improvements from Customer data solely for Customer benefit
+    section: AI Output
+  - name: output_restrictions_additional
+    type: boolean
+    description: Additional output restrictions apply
+    section: AI Output
+  - name: ai_provider_covered_claims
+    type: boolean
+    description: Provider AI-specific Covered Claims apply
+    section: AI Liability
+  - name: provider_covered_claims_detail
+    type: string
+    description: Detail of Provider Covered Claims describing Output IP infringement provisions
+    section: AI Liability
+  - name: provider_covered_claims_exclusions
+    type: string
+    description: Provider Covered Claims indemnity exclusions (e.g. combined use, Input, breach, modifications)
+    section: AI Liability
+  - name: customer_covered_claims_detail
+    type: string
+    description: Detail of Customer Covered Claims describing IP infringement and usage violation provisions
+    section: AI Liability
+  - name: ai_customer_covered_claims
+    type: boolean
+    description: Customer AI-specific Covered Claims apply
+    section: AI Liability
 required_fields: []

package/content/templates/common-paper-ai-addendum-in-app/replacements.json ADDED Viewed

@@ -0,0 +1,5 @@
+{
+  "[ that the Output\u2014when generated and used by Customer according to the terms of the Agreement and the AI Addendum\u2014violates, misappropriates, or otherwise infringes upon the intellectual property or other proprietary rights of another person or entity. ": "{provider_covered_claims_detail}",
+  "Without limiting the indemnity exclusions in the Agreement, Provider's obligations as an Indemnifying Party will not apply to Provider Covered Claims that result from: (a) use of Output in combination with data, software, hardware, equipment, technology, or other products or services not provided by Provider; (b) Input; (c) Customer's use of the AI Services in breach of the Agreement or the AI Addendum; (d) modifications to the Output that were not made by Provider; (e) Output that Customer knew or should have known might violate, misappropriate, or otherwise infringe upon another's intellectual property or other proprietary rights; or (f) a claim that use of Output infringes another's trademark or related rights. ]": "{provider_covered_claims_exclusions}",
+  "[ that (1) the Input\u2014when used by Provider according to the terms of the Agreement and the AI Addendum\u2014violates, misappropriates, or otherwise infringes upon the intellectual property or other proprietary rights of another person or entity; or (2) results from Customer's use of the AI Services in violation of the applicable restrictions in the Agreement or the AI Addendum. ]": "{customer_covered_claims_detail}"
+}

package/content/templates/common-paper-ai-addendum-in-app/selections.json ADDED Viewed

@@ -0,0 +1,62 @@
+{
+  "groups": [
+    {
+      "id": "training_data_types",
+      "type": "checkbox",
+      "options": [
+        { "marker": "None", "trigger": { "field": "training_data_none" } },
+        { "marker": "Usage Data", "trigger": { "field": "training_data_usage" } },
+        { "marker": "Feedback", "trigger": { "field": "training_data_feedback" } },
+        { "marker": "Input", "trigger": { "field": "training_data_input" } },
+        { "marker": "Output", "trigger": { "field": "training_data_output" } },
+        { "marker": "User prompts, excluding other components of Input", "trigger": { "field": "training_data_prompts" } },
+        { "marker": "Customer Content", "trigger": { "field": "training_data_customer_content" } },
+        { "marker": "{additional_terms}", "trigger": { "field": "training_data_additional" } }
+      ]
+    },
+    {
+      "id": "model_training_scope",
+      "type": "radio",
+      "options": [
+        { "marker": "None", "trigger": { "field": "model_training_none", "equals": true } },
+        { "marker": "Train the Model(s) in the AI Services solely for Customer\u2019s benefit", "trigger": { "field": "model_training_customer_only", "equals": true } },
+        { "marker": "Train the Model(s) in the AI Services", "trigger": "default" }
+      ]
+    },
+    {
+      "id": "training_data_requirements",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Training Data must be aggregated", "trigger": { "field": "training_data_aggregated" } },
+        { "marker": "Training Data must be de-identified", "trigger": { "field": "training_data_deidentified" } },
+        { "marker": "Provider will use commercially reasonable efforts consistent with industry standard technology to de-identify", "trigger": { "field": "training_data_best_effort_deidentify" } },
+        { "marker": "{additional_terms}", "trigger": { "field": "training_requirements_additional" } }
+      ]
+    },
+    {
+      "id": "output_restrictions",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Neither Input nor Output may identify Customer", "trigger": { "field": "no_customer_identification" } },
+        { "marker": "Improvements based on Customer's Input, Output, or Training Data will be solely for Customer's benefit", "trigger": { "field": "improvements_for_customer_only" } },
+        { "marker": "{additional_terms}", "trigger": { "field": "output_restrictions_additional" } }
+      ]
+    },
+    {
+      "id": "ai_covered_claims",
+      "type": "checkbox",
+      "options": [
+        { "marker": "Provider Covered Claims include any action", "trigger": { "field": "ai_provider_covered_claims" } },
+        { "marker": "Customer Covered Claims include any action", "trigger": { "field": "ai_customer_covered_claims" } }
+      ]
+    },
+    {
+      "id": "ai_acceptable_use_policy",
+      "type": "checkbox",
+      "standalone": true,
+      "options": [
+        { "marker": "Use of the AI Services is subject to the Acceptable Use Policy", "trigger": { "field": "ai_policy_reference" } }
+      ]
+    }
+  ]
+}

package/content/templates/common-paper-amendment/README.md CHANGED Viewed

@@ -21,6 +21,24 @@ An amendment template for modifying existing agreements, based on [Common Paper'
 | `amendment_topic` | string | yes | Topic or variable being changed |
 | `amendment_details` | string | yes | Details about what is being changed |
+### Signature Block
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `party_1_signatory_type` | enum (`entity` / `individual`) | no | Whether the first party signatory is an entity or individual (default: `entity`) |
+| `party_1_signatory_name` | string | no | Full legal name of the first party's signatory |
+| `party_1_signatory_title` | string | no | Title/role of the first party's signatory (entity only) |
+| `party_1_signatory_company` | string | no | Company name for the first party signatory (entity only) |
+| `party_1_signatory_email` | string | no | Notice email address for the first party |
+| `party_2_signatory_type` | enum (`entity` / `individual`) | no | Whether the second party signatory is an entity or individual (default: `entity`) |
+| `party_2_signatory_name` | string | no | Full legal name of the second party's signatory |
+| `party_2_signatory_title` | string | no | Title/role of the second party's signatory (entity only) |
+| `party_2_signatory_company` | string | no | Company name for the second party signatory (entity only) |
+| `party_2_signatory_email` | string | no | Notice email address for the second party |
+> **Note:** `*_title` and `*_company` are only rendered when the corresponding `*_type` is `entity` (default). When set to `individual`, those cells are left blank even if values are provided.
 ## Attribution
 Based on the Common Paper Amendment, available at https://commonpaper.com.

package/content/templates/common-paper-amendment/metadata.yaml CHANGED Viewed

@@ -42,6 +42,54 @@ fields:
     type: string
     description: Details about what is being changed
     section: Terms
+  - name: party_1_signatory_type
+    type: enum
+    description: Whether the first party signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: party_1_signatory_name
+    type: string
+    description: Full legal name of the first party's signatory
+    section: Signature Block
+  - name: party_1_signatory_title
+    type: string
+    description: Title/role of the first party's signatory (entity only)
+    section: Signature Block
+  - name: party_1_signatory_company
+    type: string
+    description: Company name for the first party signatory (entity only)
+    section: Signature Block
+  - name: party_1_signatory_email
+    type: string
+    description: Notice email address for the first party
+    section: Signature Block
+  - name: party_2_signatory_type
+    type: enum
+    description: Whether the second party signatory is an entity or individual
+    options:
+      - entity
+      - individual
+    default: entity
+    section: Signature Block
+  - name: party_2_signatory_name
+    type: string
+    description: Full legal name of the second party's signatory
+    section: Signature Block
+  - name: party_2_signatory_title
+    type: string
+    description: Title/role of the second party's signatory (entity only)
+    section: Signature Block
+  - name: party_2_signatory_company
+    type: string
+    description: Company name for the second party signatory (entity only)
+    section: Signature Block
+  - name: party_2_signatory_email
+    type: string
+    description: Notice email address for the second party
+    section: Signature Block
 required_fields:
   - company_name
   - party_1

package/content/templates/common-paper-amendment/template.docx CHANGED Viewed

Binary file

package/content/templates/common-paper-business-associate-agreement/README.md CHANGED Viewed

@@ -20,9 +20,28 @@ A HIPAA business associate agreement based on [Common Paper's](https://commonpap
 | `aggregation_restrictions` | string | no | Specific aggregation restrictions |
 | `offshoring_restrictions` | string | no | Specific offshoring rights or restrictions |
 | `breach_notification_unit` | string | no | Unit for breach notification period |
-| `fill_in_value` | string | no | General fill-in value |
+| `breach_notification_number` | string | no | Numeric value for the breach notification period (e.g. 5) |
+| `other_changes` | string | no | Prose describing other changes to BAA Standard Terms |
 | `custom_effective_date` | string | no | Custom effective date |
+### Signature Block
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `provider_signatory_type` | enum (`entity` / `individual`) | no | Whether the Provider signatory is an entity or individual (default: `entity`) |
+| `provider_signatory_name` | string | no | Full legal name of the Provider's signatory |
+| `provider_signatory_title` | string | no | Title/role of the Provider's signatory (entity only) |
+| `provider_signatory_company` | string | no | Company name for the Provider signatory (entity only) |
+| `provider_signatory_email` | string | no | Notice email address for the Provider |
+| `company_signatory_type` | enum (`entity` / `individual`) | no | Whether the Company signatory is an entity or individual (default: `entity`) |
+| `company_signatory_name` | string | no | Full legal name of the Company's signatory |
+| `company_signatory_title` | string | no | Title/role of the Company's signatory (entity only) |
+| `company_signatory_company` | string | no | Company name for the Company signatory (entity only) |
+| `company_signatory_email` | string | no | Notice email address for the Company |
+> **Note:** `*_title` and `*_company` are only rendered when the corresponding `*_type` is `entity` (default). When set to `individual`, those cells are left blank even if values are provided.
 ## Attribution
 Based on the Common Paper Business Associate Agreement, available at https://commonpaper.com.