A few articles I've read suggest that the AGPL terms trigger if you MODIFY AGPL covered code. So if you (1) setup an AGPL service over the network "as-is" with no changes, (2) use the AGPL-covered service from your proprietary code over the network (ie, across a process boundary), then you are in the clear, and your proprietary code can remain closed.
If you instead, modify/customize the source of the AGPL-covered service, then you are required to make available your changes to AGPL-covered product under a AGPL license.
Is this a correct understanding of the situation? If the product implements a publicly documented protocol to communicate over the network (ie, not "complex internal structures", and/or replaceable with another product), is that permitted?
I am not a lawyer, but my understanding is the same as yours - if you host a proprietary service that has some AGPL components (say, an AGPL authentication service that users interact directly with to get a token, that they then pass to the proprietary parts), then you only have to make sure that the source code for the AGPL part is made available (or not even that if you are using it completely unmodified).
If you instead, modify/customize the source of the AGPL-covered service, then you are required to make available your changes to AGPL-covered product under a AGPL license.
Is this a correct understanding of the situation? If the product implements a publicly documented protocol to communicate over the network (ie, not "complex internal structures", and/or replaceable with another product), is that permitted?