If you look at this tweet [1] and in particular responses under it, it still seems to me like some parts of it need additional clarification. For instance, I have seen some people interpret the tweet as meaning using the OAuth token is actually ok for personal experimentation with the Agent SDK, which can be seen as a slight contradiction with what you quoted. A parent tweet also mentioned the docs clean up causing some confusion.

None of this is legal advice, I'm just trying to understand what exactly is allowed or not.

[1] https://x.com/trq212/status/2024212380142752025?s=10