@kennethsolomon/shipkit 1.0.0

package/commands/sk/release.md

@@ -0,0 +1,72 @@
+---
+description: "Automate releases: bump version, update CHANGELOG, create tag, push to GitHub. Use --android and/or --ios flags for App Store / Play Store readiness audit."
+---
+
+<!-- Generated by /sk:setup-claude -->
+
+# /sk:release
+
+Automate the release process for your project. Supports optional mobile store submission review.
+
+## Usage
+
+```
+/sk:release                    # Git release only
+/sk:release --android          # Git release + Play Store audit
+/sk:release --ios              # Git release + App Store audit
+/sk:release --android --ios    # Git release + both store audits
+```
+
+## Hard Rules
+
+- **DO NOT** release without reviewing CHANGELOG.md changes
+- **DO NOT** proceed if CHANGELOG.md has no [Unreleased] section
+- You **must** have a git remote origin (GitHub, GitLab, etc.)
+- Version format must follow semantic versioning (e.g., v1.0.0, v0.2.0-beta)
+- When `--android` or `--ios` flags are present, **always run the store audit after the git release**
+
+## Steps
+
+1. **Parse flags** — Check for `--android` and/or `--ios` in the user's invocation.
+
+2. **Verify CHANGELOG.md** — Check that the [Unreleased] section has the changes you want to release. If not, update CHANGELOG.md first and commit.
+
+3. **Run the release script** — This will:
+   - Auto-detect: project name, current version, GitHub URL
+   - Prompt for: new version number
+   - Suggest: release title based on changes
+   - Update: CHANGELOG.md (move [Unreleased] -> [Version])
+   - Update: version in CLAUDE.md (if it has a Version line)
+   - Create: git commit with release message
+   - Create: annotated git tag
+   - Push: tag to GitHub (with confirmation at each step)
+
+4. **Complete the release on GitHub** — The script will show you the GitHub releases link. Go there and:
+   - Click "Create release from tag"
+   - Use the suggested title
+   - Copy the changelog section as release notes
+   - Publish the release
+
+5. **(If --android or --ios)** **Run Store Readiness Audit** — The release skill will:
+   - Auto-detect the mobile framework (Expo, React Native, Flutter, native, Capacitor)
+   - Detect if this is a first-time submission or an update
+   - Walk through every item in the store checklist, checking config files
+   - Report status for each item: PASS / FAIL / WARN / MANUAL CHECK NEEDED
+   - Propose fixes for config issues (with your approval)
+   - Guide you through manual steps (screenshots, store listing, etc.)
+   - Present a summary report with next steps and build/submit commands
+
+## When Done
+
+> "Release {version} completed! Check GitHub to finalize the release."
+
+If store flags were used:
+> "Store readiness audit complete. See the summary report above for remaining action items."
+
+## Notes
+
+- Each step (commit, tag, push) requires your confirmation
+- You can skip any step and do it manually later
+- The script works with any project type: Node, Python, Go, Rust, etc.
+- Requires: CHANGELOG.md file with [Unreleased] section
+- Store audits support: Expo, React Native, Flutter, native Android/iOS, Capacitor/Ionic, .NET MAUI

package/commands/sk/security-check.md

@@ -0,0 +1,188 @@
+---
+description: "Audit changed code for security best practices, production-grade quality, and industry gold standards."
+---
+
+<!-- Generated by /sk:setup-claude -->
+
+# /sk:security-check
+
+Audit code for security vulnerabilities, production-grade quality, and industry gold-standard compliance.
+
+By default, this checks only files changed on the current branch. Use `--all` to scan the entire project.
+
+## Hard Rules
+
+- **DO NOT fix code.** This is an audit — report only. The user decides what to fix.
+- **DO NOT skip checks** because the project is small or simple. Production is production.
+- **Every finding must cite a specific file and line number.**
+- **Every finding must reference the standard it violates** (OWASP, CWE, NIST, etc.).
+
+## Before You Start
+
+1. Read `CLAUDE.md` to understand the project's stack and conventions.
+2. If `tasks/security-findings.md` exists, read it — check if prior findings have been addressed.
+3. If `tasks/lessons.md` exists, read it — apply security-related lessons as targeted checks.
+
+## Determine Scope
+
+**Default (changed files only):**
+```bash
+git diff main..HEAD --name-only
+```
+
+**If the user says `--all` or "scan everything":**
+```bash
+find . -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx" -o -name "*.py" -o -name "*.go" -o -name "*.rs" -o -name "*.php" -o -name "*.rb" -o -name "*.java" \) \
+  -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/vendor/*" -not -path "*/dist/*" -not -path "*/build/*"
+```
+
+Read each file in scope before auditing.
+
+## Security Audit Checklist
+
+### 1. OWASP Top 10 (2021)
+
+- **A01 Broken Access Control** — Missing auth checks, IDOR, privilege escalation, CORS misconfiguration
+- **A02 Cryptographic Failures** — Weak hashing, plaintext secrets, missing TLS, insecure random
+- **A03 Injection** — SQL, NoSQL, OS command, LDAP, template injection, XSS (reflected/stored/DOM)
+- **A04 Insecure Design** — Missing rate limiting, no abuse-case thinking, trust boundary violations
+- **A05 Security Misconfiguration** — Default credentials, verbose errors in production, unnecessary features enabled, missing security headers
+- **A06 Vulnerable Components** — Known CVEs in dependencies, outdated packages
+- **A07 Auth Failures** — Weak passwords allowed, missing brute-force protection, session fixation, missing MFA where needed
+- **A08 Data Integrity Failures** — Untrusted deserialization, missing integrity checks, insecure CI/CD
+- **A09 Logging Failures** — Missing audit logs, PII in logs, no alerting on security events
+- **A10 SSRF** — Unvalidated URLs, internal network access, DNS rebinding
+
+### 2. Stack-Specific Checks (Unknown / Unknown)
+
+**If Unknown includes React/Next.js:**
+- `dangerouslySetInnerHTML` usage without sanitization
+- Client-side secrets (API keys in browser bundles)
+- Missing CSP headers
+- Server component data leaking to client
+- `getServerSideProps`/Server Actions exposing internal data
+
+**If Unknown includes Express/Node.js:**
+- Missing helmet/security headers
+- Unsanitized user input in `req.params`, `req.query`, `req.body`
+- Path traversal via `req.params` in file operations
+- Missing rate limiting on auth endpoints
+- Prototype pollution
+
+**If Unknown is Python:**
+- `eval()`, `exec()`, `pickle.loads()` with untrusted input
+- SQL string formatting instead of parameterized queries
+- `subprocess.shell=True` with user input
+- Missing input validation on FastAPI/Django endpoints
+- Jinja2 `| safe` filter misuse
+
+**If Unknown is Go:**
+- Unchecked error returns on security-critical operations
+- `html/template` vs `text/template` confusion
+- Missing context cancellation/timeouts
+- Race conditions on shared state
+
+**If Unknown is PHP:**
+- `include`/`require` with user-controlled paths
+- `mysqli_query` without prepared statements
+- Missing CSRF tokens
+- `extract()` with user input
+
+### 3. Production Readiness
+
+- **Error handling** — No swallowed errors, no stack traces leaked to users, graceful degradation
+- **Input validation** — All external inputs validated at system boundaries (API, forms, file uploads)
+- **Environment separation** — No hardcoded dev/staging URLs, secrets not committed, `.env` in `.gitignore`
+- **Dependency hygiene** — Lock files committed, no `*` version ranges, no known vulnerabilities
+- **Logging** — Structured logging present, no sensitive data logged, appropriate log levels
+- **Configuration** — Secrets via env vars (not code), feature flags for risky features, timeouts on external calls
+
+### 4. Data Protection
+
+- **PII handling** — Personal data encrypted at rest, masked in logs, retention policy considered
+- **Authentication tokens** — HttpOnly + Secure + SameSite cookies, short-lived JWTs, refresh token rotation
+- **Database** — Parameterized queries everywhere, principle of least privilege on DB users, backups configured
+- **File uploads** — Type validation (not just extension), size limits, sandboxed storage
+
+## Generate Report
+
+Write findings to `tasks/security-findings.md` using this format:
+
+```markdown
+# Security Audit — YYYY-MM-DD
+
+**Scope:** Changed files on branch `<branch-name>` | Full project scan
+**Stack:** Unknown / Unknown
+**Files audited:** N
+
+## Critical (must fix before deploy)
+
+- **[FILE:LINE]** Description of vulnerability
+  **Standard:** OWASP A03 — Injection (CWE-89)
+  **Risk:** What could happen if exploited
+  **Recommendation:** How to fix it
+
+## High (fix before production)
+
+- **[FILE:LINE]** Description
+  **Standard:** ...
+  **Risk:** ...
+  **Recommendation:** ...
+
+## Medium (should fix)
+
+- **[FILE:LINE]** Description
+  **Standard:** ...
+  **Recommendation:** ...
+
+## Low / Informational
+
+- **[FILE:LINE]** Description
+  **Recommendation:** ...
+
+## Passed Checks
+
+- List of categories that passed with no findings
+
+## Summary
+
+| Severity | Count |
+|----------|-------|
+| Critical | N |
+| High     | N |
+| Medium   | N |
+| Low      | N |
+| **Total** | **N** |
+```
+
+## When Done
+
+Tell the user:
+
+> "Security audit complete. Findings saved to `tasks/security-findings.md`.
+> - **Critical:** N | **High:** N | **Medium:** N | **Low:** N
+>
+> Review the findings, then run `/sk:finish-feature` when ready to finalize."
+
+If there are Critical or High findings:
+> "There are critical/high findings that should be addressed before merging. Fix them, then re-run `/sk:security-check` to verify."
+
+**Do not auto-fix.** The user decides what to address.
+
+---
+
+## Model Routing
+
+Read `.shipkit/sk:config.json` from the project root if it exists.
+
+- If `model_overrides["sk:security-check"]` is set, use that model — it takes precedence.
+- Otherwise use the `profile` field. Default: `balanced`.
+
+| Profile | Model |
+|---------|-------|
+| `full-sail` | opus (inherit) |
+| `quality` | opus (inherit) |
+| `balanced` | sonnet |
+| `budget` | haiku |
+
+> `opus` = inherit. When spawning sub-agents via the Agent tool, pass `model: "<resolved-model>"`.

package/commands/sk/set-profile.md

@@ -0,0 +1,71 @@
+---
+description: "Switch the ShipKit model routing profile for this project."
+---
+
+# /sk:set-profile
+
+Quickly switch the model routing profile for this project.
+
+Usage: `/sk:set-profile <profile>`
+
+Valid profiles: `full-sail` · `quality` · `balanced` · `budget`
+
+## Profiles
+
+| Profile | Philosophy | Best for |
+|---------|-----------|---------|
+| `full-sail` | Opus on everything that matters | High-stakes work, client projects, production features |
+| `quality` | Opus for planning + review, Sonnet for implementation | Most professional projects |
+| `balanced` | Sonnet across the board *(default)* | Day-to-day development |
+| `budget` | Haiku where possible, Sonnet for gates | Side projects, exploration, prototyping |
+
+## Model Table
+
+| Skill | full-sail | quality | balanced | budget |
+|-------|-----------|---------|----------|--------|
+| brainstorm, write-plan, debug, execute-plan, review | opus | opus | sonnet | sonnet |
+| write-tests, frontend-design, api-design, security-check | opus | sonnet | sonnet | sonnet |
+| perf, schema-migrate, accessibility | opus | sonnet | sonnet | haiku |
+| lint, test | sonnet | sonnet | haiku | haiku |
+| smart-commit, branch, update-task | haiku | haiku | haiku | haiku |
+
+Note: `opus` = inherit (uses the current session model). Switch to Opus 4.5 in your session to get the full benefit.
+
+## Steps
+
+### 1 — Validate input
+
+If no profile argument provided, show the profile table above and ask: "Which profile? (full-sail / quality / balanced / budget)"
+
+If an invalid profile name is given, show the valid options.
+
+### 2 — Read current config
+
+Read `.shipkit/sk:config.json` if it exists. Otherwise start with defaults.
+
+### 3 — Update profile
+
+Set `profile` to the chosen value.
+
+### 4 — Write config
+
+1. Create `.shipkit/` directory if it does not exist
+2. Write updated config to `.shipkit/sk:config.json`
+3. Add `.shipkit/` to `.gitignore` if not already present
+
+### 5 — Confirm
+
+Display:
+
+```
+Profile set to: <profile>
+
+Model assignments for this project:
+  brainstorm, write-plan, debug, execute-plan, review → <model>
+  write-tests, frontend-design, api-design, security-check → <model>
+  perf, schema-migrate, accessibility → <model>
+  lint, test → <model>
+  smart-commit, branch, update-task → haiku
+
+Run /sk:config to see all settings or make further changes.
+```

package/commands/sk/status.md

@@ -0,0 +1,25 @@
+---
+description: “Show planning and workflow status at a glance.”
+---
+
+<!-- Generated by /sk:setup-claude -->
+
+# /sk:status
+
+Read `tasks/todo.md` and `tasks/workflow-status.md`, then display a compact status summary.
+
+## What to show
+
+### Workflow Status (from `tasks/workflow-status.md`)
+- Current step: show the step marked `>> next <<`
+- Completed steps: count of `done` steps vs total
+- Any steps marked `partial` or with notable Notes
+- If no workflow file exists, say “No active workflow”
+
+### Task Status (from `tasks/todo.md`)
+- Total plan items vs completed plan items (checkbox count)
+- Errors count (if the file has an Errors section/table)
+- Whether `tasks/findings.md` and `tasks/progress.md` exist
+
+Keep it brief: answer “where am I?” and “what’s next?”.
+

package/commands/sk/update-task.md

@@ -0,0 +1,35 @@
+---
+description: "Mark current task done in tasks/todo.md and log completion to tasks/progress.md."
+---
+
+# /sk:update-task
+
+Mark the current task as complete and log progress.
+
+## Steps
+
+### 1. Identify Current Task
+- Read `tasks/todo.md` and find the task that matches the current branch or the most recently worked-on incomplete task
+- Read `tasks/progress.md` to understand what was done
+
+### 2. Mark Task Done
+- In `tasks/todo.md`, change the task's checkbox from `[ ]` to `[x]`
+- If the task has subtasks, verify all subtasks are also checked
+
+### 3. Log Completion
+- Append a completion entry to `tasks/progress.md`:
+
+```markdown
+### [YYYY-MM-DD] [Task title] — COMPLETED
+- Branch: `<branch-name>`
+- Changes: [brief summary of what was implemented]
+- Tests: [test count and coverage]
+- Files changed: [count]
+```
+
+### 4. Check for Remaining Work
+- Show how many tasks remain in `tasks/todo.md`
+- Show the next incomplete task (if any)
+
+### 5. Confirm
+- Show the user what was marked done and logged

package/commands/sk/write-plan.md

@@ -0,0 +1,72 @@
+---
+description: "Write a decision-complete plan into tasks/todo.md (no code yet)."
+---
+
+<!-- Generated by /sk:setup-claude -->
+
+# /sk:write-plan
+
+Create a decision-complete plan **before** writing code.
+
+## Steps
+
+1. Ensure planning files exist:
+   - `tasks/todo.md`
+   - `tasks/findings.md`
+   - `tasks/progress.md`
+2. Read context files:
+   - `tasks/findings.md` — requirements + discoveries; extract problem statement,
+     constraints, and open questions explicitly into the plan
+   - `tasks/lessons.md` — if it exists, apply all active lessons as constraints
+     before writing any plan steps
+3. Update `tasks/todo.md` with:
+   - **Goal** (1–2 lines)
+   - **Milestones** — group tasks under milestone headers for multi-phase projects
+   - **Plan** as checkboxes organized into waves:
+     ```
+     ### Milestone: <name> (optional, for multi-phase projects)
+
+     #### Wave 1 (parallel)
+     - [ ] Task A
+     - [ ] Task B
+
+     #### Wave 2 (depends on Wave 1)
+     - [ ] Task C (needs A)
+     - [ ] Task D (needs A, B)
+     ```
+     Tasks in the same wave can run in parallel. Tasks in later waves
+     depend on earlier waves — note the specific dependency in parentheses.
+   - **Verification** commands (exact commands + expected outcomes)
+   - **Acceptance criteria** (clear "done" conditions)
+   - **Risks/unknowns** (anything still ambiguous)
+4. Verify the plan against requirements:
+   - Cross-check every requirement from `tasks/findings.md` — does the plan
+     address what brainstorm decided? Flag any requirement with no matching task.
+   - Completeness check — are all requirements covered? List any gaps.
+   - Dependency analysis — are tasks ordered correctly? Could any sequential
+     tasks actually run in parallel (same wave)?
+5. Present the plan to the user and wait for approval.
+
+## Rules
+- No implementation until the plan is approved.
+- If something is unclear, add a plan step to explore it first.
+- Every requirement in `tasks/findings.md` must map to at least one task.
+- Prefer parallel waves where possible to minimize total steps.
+
+---
+
+## Model Routing
+
+Read `.shipkit/sk:config.json` from the project root if it exists.
+
+- If `model_overrides["sk:write-plan"]` is set, use that model — it takes precedence.
+- Otherwise use the `profile` field. Default: `balanced`.
+
+| Profile | Model |
+|---------|-------|
+| `full-sail` | opus (inherit) |
+| `quality` | opus (inherit) |
+| `balanced` | sonnet |
+| `budget` | sonnet |
+
+> `opus` = inherit. When spawning sub-agents via the Agent tool, pass `model: "<resolved-model>"`.

package/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "@kennethsolomon/shipkit",
+  "version": "1.0.0",
+  "description": "A structured workflow toolkit for Claude Code.",
+  "keywords": ["claude", "claude-code", "workflow", "tdd", "ai", "developer-tools"],
+  "author": "Kenneth Solomon",
+  "license": "MIT",
+  "bin": {
+    "shipkit": "bin/shipkit.js"
+  },
+  "files": [
+    "bin",
+    "commands/sk",
+    "skills"
+  ],
+  "engines": {
+    "node": ">=16.7.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/kennethsolomon/shipkit.git"
+  }
+}

package/skills/sk:accessibility/LICENSE.txt

@@ -0,0 +1,177 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS