@kaademos/secure-sdlc 1.0.0

package/.github/workflows/secure-sdlc-gate.yml

@@ -0,0 +1,325 @@
+name: Secure SDLC Gate
+
+on:
+  pull_request:
+    branches: [main, master, develop, staging]
+  push:
+    branches: [main, master]
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: 'Release version for full gate (e.g. v1.2.0)'
+        required: false
+        type: string
+
+permissions:
+  contents: read
+  pull-requests: write
+  security-events: write
+
+jobs:
+  # ────────────────────────────────────────────────────────────────
+  # SDLC Artefact Gate
+  # Checks that required security documents exist and are not
+  # blank templates before allowing merges to protected branches.
+  # ────────────────────────────────────────────────────────────────
+  artefact-gate:
+    name: SDLC Artefact Gate
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check required security artefacts
+        id: artefact-check
+        run: |
+          set +e
+          BLOCKERS=()
+          WARNINGS=()
+          
+          check_artefact() {
+            local file="$1"
+            local label="$2"
+            local required="$3"
+            
+            if [ ! -f "$file" ]; then
+              if [ "$required" = "true" ]; then
+                BLOCKERS+=("MISSING: $file ($label)")
+                echo "::error file=$file::Required security artefact missing: $file"
+              else
+                WARNINGS+=("MISSING (optional): $file")
+              fi
+              return 1
+            fi
+            
+            # Check if it's an unfilled template
+            if grep -q "\[Feature Name\]\|\[YYYY-MM-DD\]\|\[Brief description" "$file" 2>/dev/null; then
+              local wc=$(wc -l < "$file")
+              # Short files with placeholder text are unfilled templates
+              if [ "$wc" -lt 200 ]; then
+                if [ "$required" = "true" ]; then
+                  BLOCKERS+=("TEMPLATE UNFILLED: $file - appears to be the blank template, not a completed document")
+                  echo "::error file=$file::Security artefact appears to be an unfilled template: $file"
+                fi
+                return 1
+              fi
+            fi
+            
+            echo "✓ $file"
+            return 0
+          }
+          
+          # PLAN phase artefacts — required for all PRs to main/master
+          TARGET="${{ github.base_ref }}"
+          
+          if [[ "$TARGET" == "main" || "$TARGET" == "master" ]]; then
+            check_artefact "docs/security-requirements.md" "product-manager / PLAN" "true"
+            check_artefact "docs/risk-register.md" "grc-analyst / PLAN" "true"
+            check_artefact "docs/threat-model.md" "appsec-engineer / DESIGN" "true"
+            check_artefact "docs/sast-findings.md" "appsec-engineer / BUILD" "true"
+          else
+            # For non-main branches, warn if artefacts are missing
+            check_artefact "docs/security-requirements.md" "product-manager / PLAN" "false"
+            check_artefact "docs/risk-register.md" "grc-analyst / PLAN" "false"
+          fi
+          
+          # Always optional
+          check_artefact "docs/infra-security-review.md" "cloud-platform-engineer / DESIGN" "false"
+          
+          # Report
+          if [ ${#BLOCKERS[@]} -gt 0 ]; then
+            echo ""
+            echo "::group::Gate Blockers"
+            for b in "${BLOCKERS[@]}"; do
+              echo "  ✗ $b"
+            done
+            echo "::endgroup::"
+            echo "GATE_RESULT=FAIL" >> $GITHUB_OUTPUT
+            echo "BLOCKERS=${BLOCKERS[*]}" >> $GITHUB_OUTPUT
+            exit 1
+          else
+            echo "GATE_RESULT=PASS" >> $GITHUB_OUTPUT
+            echo "All required artefacts present."
+          fi
+
+  # ────────────────────────────────────────────────────────────────
+  # Secret Scanning
+  # Detect accidentally committed secrets before they hit the repo.
+  # ────────────────────────────────────────────────────────────────
+  secret-scan:
+    name: Secret Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Scan for secrets with Gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+        continue-on-error: false
+
+  # ────────────────────────────────────────────────────────────────
+  # Dependency Security (SCA)
+  # Check for known CVEs in direct dependencies.
+  # ────────────────────────────────────────────────────────────────
+  dependency-scan:
+    name: Dependency Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Detect Node.js project
+        id: detect-node
+        run: |
+          if [ -f "package.json" ]; then
+            echo "IS_NODE=true" >> $GITHUB_OUTPUT
+          else
+            echo "IS_NODE=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Detect Python project
+        id: detect-python
+        run: |
+          if [ -f "requirements.txt" ] || [ -f "pyproject.toml" ] || [ -f "Pipfile" ]; then
+            echo "IS_PYTHON=true" >> $GITHUB_OUTPUT
+          else
+            echo "IS_PYTHON=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Setup Node.js
+        if: steps.detect-node.outputs.IS_NODE == 'true'
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: npm audit (Node.js)
+        if: steps.detect-node.outputs.IS_NODE == 'true'
+        run: |
+          npm audit --audit-level=high --json > npm-audit.json || true
+          # Fail on CRITICAL vulnerabilities in direct dependencies
+          CRITICALS=$(cat npm-audit.json | python3 -c "
+          import json, sys
+          data = json.load(sys.stdin)
+          vulns = data.get('vulnerabilities', {})
+          criticals = [k for k, v in vulns.items() if v.get('severity') == 'critical' and v.get('isDirect', False)]
+          print(len(criticals))
+          " 2>/dev/null || echo "0")
+          
+          if [ "$CRITICALS" -gt 0 ]; then
+            echo "::error::$CRITICALS CRITICAL CVE(s) in direct dependencies. Run: npm audit fix"
+            exit 1
+          fi
+          echo "Dependency scan: no critical CVEs in direct dependencies"
+
+      - name: Setup Python
+        if: steps.detect-python.outputs.IS_PYTHON == 'true'
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: pip-audit (Python)
+        if: steps.detect-python.outputs.IS_PYTHON == 'true'
+        run: |
+          pip install pip-audit --quiet
+          pip-audit --format=json --output=pip-audit.json 2>/dev/null || pip-audit || true
+          echo "Python dependency scan complete"
+
+  # ────────────────────────────────────────────────────────────────
+  # IaC Security Scan
+  # Scan Terraform, Kubernetes, Helm, and Docker for misconfigurations.
+  # ────────────────────────────────────────────────────────────────
+  iac-scan:
+    name: IaC Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Check for IaC files
+        id: detect-iac
+        run: |
+          if find . -name "*.tf" -o -name "*.tfvars" | grep -q .; then
+            echo "HAS_TERRAFORM=true" >> $GITHUB_OUTPUT
+          fi
+          if find . -name "*.yaml" -o -name "*.yml" | xargs grep -l "kind: Deployment\|kind: Service\|kind: ConfigMap" 2>/dev/null | grep -q .; then
+            echo "HAS_K8S=true" >> $GITHUB_OUTPUT
+          fi
+          if find . -name "Dockerfile" | grep -q .; then
+            echo "HAS_DOCKER=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Checkov (Terraform + K8s + Docker)
+        if: steps.detect-iac.outputs.HAS_TERRAFORM == 'true' || steps.detect-iac.outputs.HAS_K8S == 'true' || steps.detect-iac.outputs.HAS_DOCKER == 'true'
+        uses: bridgecrewio/checkov-action@v12
+        with:
+          soft_fail: true
+          output_format: sarif
+          output_file_path: checkov.sarif
+        continue-on-error: true
+
+      - name: Upload Checkov SARIF
+        if: always() && (steps.detect-iac.outputs.HAS_TERRAFORM == 'true' || steps.detect-iac.outputs.HAS_K8S == 'true')
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: checkov.sarif
+        continue-on-error: true
+
+  # ────────────────────────────────────────────────────────────────
+  # SAST (CodeQL)
+  # Static analysis for common vulnerability classes.
+  # ────────────────────────────────────────────────────────────────
+  sast:
+    name: SAST (CodeQL)
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['javascript-typescript', 'python']
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Check language files exist
+        id: check-lang
+        run: |
+          LANG="${{ matrix.language }}"
+          if [ "$LANG" = "javascript-typescript" ]; then
+            find . -name "*.js" -o -name "*.ts" | grep -v node_modules | grep -q . && echo "EXISTS=true" >> $GITHUB_OUTPUT || echo "EXISTS=false" >> $GITHUB_OUTPUT
+          elif [ "$LANG" = "python" ]; then
+            find . -name "*.py" | grep -q . && echo "EXISTS=true" >> $GITHUB_OUTPUT || echo "EXISTS=false" >> $GITHUB_OUTPUT
+          else
+            echo "EXISTS=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Initialize CodeQL
+        if: steps.check-lang.outputs.EXISTS == 'true'
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          queries: security-and-quality
+
+      - name: Autobuild
+        if: steps.check-lang.outputs.EXISTS == 'true'
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        if: steps.check-lang.outputs.EXISTS == 'true'
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
+
+  # ────────────────────────────────────────────────────────────────
+  # Release Gate (on workflow_dispatch with version)
+  # Full pre-release security checklist.
+  # ────────────────────────────────────────────────────────────────
+  release-gate:
+    name: Release Security Gate
+    runs-on: ubuntu-latest
+    if: github.event_name == 'workflow_dispatch' && github.event.inputs.release_version != ''
+    needs: [artefact-gate, secret-scan, dependency-scan, iac-scan, sast]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Run release gate
+        run: |
+          VERSION="${{ github.event.inputs.release_version }}"
+          echo "Running release gate for $VERSION"
+          
+          # Check all release artefacts
+          BLOCKERS=()
+          
+          for file in \
+            "docs/security-requirements.md" \
+            "docs/risk-register.md" \
+            "docs/threat-model.md" \
+            "docs/sast-findings.md" \
+            "docs/test-security-report.md"; do
+            if [ ! -f "$file" ]; then
+              BLOCKERS+=("MISSING: $file")
+            fi
+          done
+          
+          if [ ${#BLOCKERS[@]} -gt 0 ]; then
+            echo "::error::Release gate FAILED for $VERSION"
+            for b in "${BLOCKERS[@]}"; do
+              echo "::error::$b"
+            done
+            exit 1
+          fi
+          
+          echo "Release gate PASSED for $VERSION"
+          echo "Generate formal sign-off with:"
+          echo "  claude --agent release-manager 'Run pre-release security checklist for $VERSION'"

package/CHANGELOG.md

@@ -0,0 +1,49 @@
+# Changelog
+
+All notable changes to this project will be documented here.
+
+Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+
+---
+
+## [Unreleased]
+
+### Added
+- **npm package** `@kaademos/secure-sdlc` (root `package.json`) — global install via `npm install -g @kaademos/secure-sdlc`, `npx @kaademos/secure-sdlc`, semver releases;
+- **`secure-sdlc paths`** — prints `PACKAGE_ROOT` and MCP server path after install
+- **MCP server** (`mcp/`) — 10 `sdlc_*` tools for Cursor, Windsurf, Zed, Continue, and other MCP hosts
+- **CLI** (`cli/`) — `secure-sdlc` commands: `init`, `kickoff`, `status`, `gate`, `review`, `install-mcp`, `paths`
+- **Cursor rules** (`.cursor/rules/secure-sdlc.mdc`) — always-on security context and MCP tool triggers
+- **GitHub Actions** (`.github/workflows/secure-sdlc-gate.yml`) — artefact gate, Gitleaks, CodeQL, Checkov, dependency audits
+- **Git hooks** (`hooks/`) — `pre-commit` (secrets, anti-patterns), `pre-push` (protected-branch checks), `install.sh`
+- **Warp workflows** (`warp-workflows/`) — feature kickoff, PR review, threat model, release gate, status
+- **Stack profiles** (`stacks/`) — Next.js, FastAPI, Django, Express, Rails, generic Node.js
+- **Agents:** `security-champion`, `ai-security-engineer` (OWASP LLM Top 10–aligned)
+- `secure-sdlc.yaml` scaffold generated by `secure-sdlc init`
+
+### Changed
+- **README.md** — multi-tool setup (Claude Code, CLI, MCP), command references, integration map
+- **CLAUDE.md** — extended roster, phase detection, `secure-sdlc.yaml`, stack profiles, AI-feature rule, MCP equivalents
+
+### Fixed
+- CLI `init` / `install-mcp` repository root resolution so templates, hooks, and workflows copy from the correct path
+
+### Earlier baseline (same release train)
+- Six Secure SDLC sub-agents
+- CLAUDE.md orchestrator with full lifecycle phase definitions
+- All 8 document templates: security-requirements, risk-register, threat-model,
+  infra-security-review, sast-findings, test-security-report, release-sign-off,
+  compliance-attestation
+- Three worked examples: login feature, REST API endpoint, file upload
+- README with honest caveat on agent limitations
+- CONTRIBUTING.md, LICENSE, GitHub issue and PR templates
+
+---
+
+## How to read this file
+
+- **Added** — new agents, templates, examples, or features
+- **Changed** — updates to existing agent guidance or templates
+- **Fixed** — corrections to inaccurate security guidance
+- **Deprecated** — content that will be removed in a future version
+- **Removed** — content that has been removed

package/CLAUDE.md

@@ -0,0 +1,195 @@
+# Secure SDLC — Multi-Agent Orchestration
+
+This project uses a team of specialised sub-agents to enforce security throughout the entire
+Software Development Lifecycle (SDLC). Each agent has a defined role, phase, and set of
+responsibilities. The orchestrator (you, the main Claude Code session) coordinates them.
+
+---
+
+## Agent Roster
+
+| Agent file | Role | Primary phases |
+|---|---|---|
+| `product-manager` | Secure requirements via ASVS | Plan |
+| `grc-analyst` | Compliance, risk register, audit evidence | Plan → Release |
+| `appsec-engineer` | Threat modelling, SAST/DAST, vuln triage | Design → Test |
+| `cloud-platform-engineer` | IaC security, CSPM, secrets, hardening | Design → Release |
+| `dev-lead` | Secure coding patterns, PR review, dependency review | Build → Test |
+| `release-manager` | Security sign-off, go/no-go gate | Release |
+| `security-champion` | First-line security Q&A and lightweight review | All phases |
+| `ai-security-engineer` | AI/LLM feature security, prompt injection, agentic risks | Design → Test |
+
+---
+
+## Lifecycle Phases & Handoffs
+
+### 1. PLAN
+- Invoke `product-manager` to elicit and document security requirements mapped to ASVS levels.
+- Invoke `grc-analyst` to produce the initial risk register and identify applicable compliance
+  frameworks (SOC 2, ISO 27001, NIST CSF, PCI-DSS, etc.).
+- Output: `docs/security-requirements.md`, `docs/risk-register.md`
+
+### 2. DESIGN
+- Invoke `appsec-engineer` to run a structured threat model (STRIDE or LINDDUN) against the
+  proposed architecture.
+- Invoke `cloud-platform-engineer` to review infrastructure design for misconfigurations,
+  privilege escalation paths, and secrets handling.
+- Invoke `grc-analyst` to map architecture decisions to compliance controls.
+- Output: `docs/threat-model.md`, `docs/infra-security-review.md`
+
+### 3. BUILD
+- Invoke `dev-lead` on every pull request or significant code change to enforce secure coding
+  standards and review dependencies (SCA).
+- Invoke `appsec-engineer` to triage any SAST findings and provide remediation guidance.
+- Invoke `cloud-platform-engineer` to validate IaC changes (Terraform, Helm, etc.) and
+  check for exposed secrets.
+- Output: inline PR comments, `docs/sast-findings.md`
+
+### 4. TEST
+- Invoke `appsec-engineer` to coordinate DAST, fuzz testing, and interpret penetration test
+  findings.
+- Invoke `dev-lead` to implement fixes for confirmed vulnerabilities and run security
+  regression tests.
+- Invoke `grc-analyst` to collect test evidence for audit artefacts.
+- Output: `docs/test-security-report.md`, `docs/audit-evidence/`
+
+### 5. RELEASE
+- Invoke `release-manager` to execute the pre-release security checklist and issue a
+  go/no-go decision.
+- Invoke `grc-analyst` for final compliance attestation.
+- Invoke `cloud-platform-engineer` to confirm production hardening (WAF, SIEM alerts,
+  runtime protection) is in place.
+- Output: `docs/release-security-sign-off.md`
+
+---
+
+## Orchestration Rules
+
+1. **Never skip a phase gate.** Each phase produces artefacts that the next phase depends on.
+ If a required artefact is missing, halt and request it before proceeding.
+
+2. **Severity thresholds block progression:**
+ - CRITICAL or HIGH unmitigated findings block the Build → Test and Test → Release gates.
+ - MEDIUM findings must have an accepted risk or remediation plan before release.
+ - LOW findings are tracked in the risk register.
+
+3. **All findings are traceable.** Every vulnerability or risk identified by any agent must
+ be recorded in `docs/risk-register.md` with an owner, severity, and status.
+
+4. **ASVS is the requirements anchor.** The product-manager agent maps every security
+ requirement to an ASVS control reference. All other agents reference these when providing
+ guidance.
+
+5. **Agents collaborate, not compete.** If two agents produce conflicting guidance (e.g.
+ appsec-engineer and cloud-platform-engineer disagree on an approach), escalate to the
+ orchestrator for resolution and document the decision.
+
+6. **AI features require the ai-security-engineer.** Any feature that calls an LLM API,
+ processes user input sent to a model, or uses agentic patterns MUST be reviewed by
+ `ai-security-engineer` in addition to the standard AppSec review. Prompt injection,
+ indirect prompt injection, and excessive agency are SDLC risks, not afterthoughts.
+
+7. **Check `secure-sdlc.yaml` for project configuration.** If `secure-sdlc.yaml` exists
+ in the project root, use it to determine the ASVS level, applicable compliance frameworks,
+ and which CI gates are configured. If it doesn't exist, prompt the user to run
+ `secure-sdlc init` or create it manually.
+
+8. **Phase detection.** Before starting work, check which SDLC artefacts exist in `docs/`:
+ - No artefacts → start with PLAN phase
+ - Requirements + risk register exist → proceed to DESIGN
+ - Threat model exists → proceed to BUILD
+ - SAST findings documented → proceed to TEST
+ - Test report exists → ready for RELEASE gate
+ The command `secure-sdlc status` provides a visual summary.
+
+---
+
+## Quick-start Commands
+
+```bash
+# ── Zero-friction setup ────────────────────────────────────────────────────
+# Install Secure SDLC in your project (docs, hooks, CI, config)
+secure-sdlc init --cursor          # + Cursor MCP integration
+
+# Interactive feature kickoff wizard
+secure-sdlc kickoff
+
+# Check current SDLC phase
+secure-sdlc status
+
+# ── Per-phase agent commands ───────────────────────────────────────────────
+# PLAN: Start a new feature with secure requirements
+claude --agent product-manager "Define security requirements for [feature] using ASVS L2"
+claude --agent grc-analyst "Initialise risk register for [feature]. Map to [SOC2/GDPR/etc]"
+
+# DESIGN: Threat model + infrastructure review
+claude --agent appsec-engineer "Threat model [architecture] using STRIDE"
+claude --agent cloud-platform-engineer "Review IaC for [feature]: [describe changes]"
+
+# DESIGN (AI features): Additional AI security review
+claude --agent ai-security-engineer "Security review AI feature: [describe model usage, inputs, tools]"
+
+# BUILD: PR review
+claude --agent dev-lead "Review PR #[N] for secure coding issues and dependency risks"
+claude --agent appsec-engineer "Triage SAST findings for PR #[N]"
+
+# Quick security questions (any phase)
+claude --agent security-champion "Is [pattern/library/approach] safe? Context: [what you're building]"
+
+# RELEASE: Pre-release security gate
+secure-sdlc gate v[X.Y.Z]
+claude --agent release-manager "Run pre-release security checklist for v[X.Y.Z]"
+
+# ── MCP tool equivalents (for Cursor, Windsurf, and other MCP hosts) ──────
+# sdlc_plan_feature, sdlc_threat_model, sdlc_review_pr, sdlc_review_infra,
+# sdlc_triage_sast, sdlc_release_gate, sdlc_check_compliance,
+# sdlc_security_champion, sdlc_ai_security_review
+```
+
+---
+
+## Artefact Directory Layout
+
+```
+docs/
+  security-requirements.md     # ASVS-mapped requirements (PM agent)
+  risk-register.md             # Live risk tracking (GRC agent)
+  threat-model.md              # STRIDE/threat model (AppSec agent)
+  infra-security-review.md     # IaC & cloud review (Cloud/Platform agent)
+  sast-findings.md             # Static analysis findings (AppSec + Dev Lead)
+  test-security-report.md      # DAST, pentest summary (AppSec agent)
+  release-security-sign-off.md # Final gate (Release Manager)
+  audit-evidence/              # Compliance artefacts (GRC agent)
+
+secure-sdlc.yaml               # Project security configuration
+```
+
+## Stack-Specific Guidance
+
+If the project uses one of these stacks, reference the relevant profile in `stacks/`:
+
+| Stack | Profile |
+|---|---|
+| Next.js (App Router) | `stacks/nextjs.md` |
+| FastAPI | `stacks/fastapi.md` |
+| Django | `stacks/django.md` |
+| Express.js | `stacks/express.md` |
+| Ruby on Rails | `stacks/rails.md` |
+
+Stack profiles contain framework-specific vulnerability patterns, secure coding examples,
+and recommended libraries. Reference them when the dev-lead or appsec-engineer agents
+provide stack-specific guidance.
+
+## Multi-Tool Integration
+
+This agent team is available through multiple integration points:
+
+| Tool | Integration |
+|---|---|
+| Claude Code | `.claude/agents/` sub-agents (this repository) |
+| Cursor | MCP server (`mcp/`) + Cursor rules (`.cursor/rules/`) |
+| Windsurf / Zed / Continue | MCP server (`mcp/`) |
+| Any terminal | CLI (`cli/`) — `secure-sdlc init|kickoff|review|gate|status` |
+| Warp terminal | Workflows (`warp-workflows/`) |
+| GitHub Actions | CI workflow (`.github/workflows/secure-sdlc-gate.yml`) |
+| Git | Hooks (`hooks/pre-commit`, `hooks/pre-push`) |

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 kaademos
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.