@piprail/sdk 1.0.0

package/CHANGELOG.md

@@ -0,0 +1,160 @@
+# Changelog
+
+All notable changes to `@piprail/sdk` are documented here. The format
+follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and the
+versions follow [Semantic Versioning](https://semver.org/).
+
+## [1.0.0] — 2026-06-02
+
+The multi-chain rewrite and first stable release. **24 chains across 8 families**
+(17 EVM + Solana, TON, Tron, NEAR, Sui, Stellar, XRPL), plus agent spend controls,
+a gas/cost estimator, and an agent toolkit — one parameter still picks everything.
+Everything below is **opt-in**; the zero-config client and gate are unchanged.
+
+> The earlier 0.1.x–0.2.0 preview line (single-chain) has been withdrawn from npm;
+> `npm install @piprail/sdk` now resolves to 1.0.0.
+
+### Agent spend controls (client)
+- **`policy`** on `PipRailClient` — `maxAmount` (per call) + `maxTotal` (lifetime,
+  per token) ceilings and `chains` / `tokens` / `hosts` allowlists. A 402 outside
+  the policy is refused with the new **`PaymentDeclinedError`** (`PAYMENT_DECLINED`)
+  **before any on-chain send**. Caps are enforced against the token's **true**
+  decimals (via the new driver `describeAsset`), so a server can't understate a price.
+- **`client.quote(url)`** — learn the price of a gated URL **without paying** (returns
+  a `PipRailQuote`, or `null` when the URL isn't gated). Flags a `symbolMismatch` when
+  a challenge's stated symbol disagrees with the real token.
+- **`onBeforePay(quote)`** — a final approval hook per payment; returning `false`
+  (or throwing) declines without paying.
+- **`client.spent()`** — an in-memory ledger snapshot, aggregated per token.
+
+### Multi-chain accepts (gate)
+- `requirePayment` / `createPaymentGate` accept an **`accept: [{ chain, token, amount,
+  payTo? }, …]`** array — one challenge offers several chains, and the agent pays with
+  whatever it holds. `verify()` re-derives every checked field from the server's own
+  requirement for the claimed network (a forged echo can't redirect it). The legacy
+  single-chain form is unchanged.
+
+### Agent toolkit
+- **`paymentTools(client)`** — framework-agnostic tool descriptors (name + description +
+  JSON Schema + `invoke`) for MCP, the Vercel AI SDK, OpenAI/Anthropic function-calling,
+  or LangChain. The client's budget rides along, so the model can't overspend.
+
+### x402 `exact`-scheme interop (experimental, EVM)
+- Building blocks to pay servers on the mainstream x402 `exact` scheme (EIP-3009 +
+  facilitator): `parseExactRequirements`, `buildExactAuthorization`,
+  `encodeXPaymentHeader`, `chainIdForExactNetwork`. Not wired into the default client
+  flow — hand-roll with these and validate against your target facilitator.
+
+### Gas / cost estimator
+- **`client.estimateCost(url)`** — learn the **network fee (gas)** to pay a gated URL,
+  WITHOUT paying. Returns a `PipRailCostQuote` (`{ quote, cost }`): the payment quote
+  plus a `CostEstimate` — the fee in the chain's **native coin** (you pay USDC but burn
+  ETH/SOL/TON/XLM/XRP/TRX on gas, a separate balance). Best-effort + labelled (`cost.basis`):
+  live-RPC where cheap (`'estimated'`), a typical-cost constant otherwise (`'heuristic'`);
+  never throws. So an agent budgets the *total* — payment + gas — before any funds move.
+  Most valuable on Tron, where a USD₮ transfer costs real TRX.
+- New driver-contract method **`estimateCost(accept, opts?)`** (required), implemented across
+  all eight families. The per-chain fee math (EVM gas × price, Solana lamports, Tron energy ×
+  price via `triggerConstantContract`, XRPL drops, …) is extracted in each driver and shaped
+  uniformly by one shared `nativeCost()` helper (`util/cost.ts`). `opts.from` sharpens
+  sender-dependent fees (Tron energy).
+- `WalletInput` now includes XRPL's `{ seed }` / `{ wallet }` and documents Tron's
+  `{ privateKey }`, so every built-in family is type-correct on `PipRailClient`.
+
+### Driver contract
+- Added **`describeAsset(asset)`** to `ResolvedNetwork` (trusted decimals/symbol for a
+  known asset, or `null`), implemented across EVM/Solana/TON/Stellar/XRPL/Tron/NEAR/Sui.
+
+### Chains
+- Now **24 chains built in** (17 EVM + Solana + TON + Tron + NEAR + Sui + Stellar + XRPL).
+  Beyond 0.1.0's set, this cycle added the **Sei** + **Injective** EVM presets, **Stellar**,
+  **Tron**, the **XRP Ledger**, and now **NEAR** and **Sui**. One parameter still picks
+  everything; the non-EVM families auto-mount on first use (pure-EVM installs never
+  download their libs).
+- **NEAR** (`chain: 'near'`, optional peer `near-api-js`) — the "user-owned AI" chain, with
+  **both native USDC + USDT** (`ft_metadata`-verified; Circle's `17208628…` and Tether's
+  `usdt.tether-token.near`, NOT bridged). Template A binding (nonce in the NEP-141
+  `ft_transfer` memo) **verified by tx hash** — proof ref `<accountId>:<txHash>`, and only an
+  ft_transfer event from the trusted token contract counts (provenance). **NEP-141 only**
+  (native NEAR isn't a payment asset); recipients need a one-time NEP-145 `storage_deposit`.
+  Wallets are `{ accountId, privateKey }`; custom NEP-141 via `{ contractId, decimals }`.
+- **Sui** (`chain: 'sui'`, optional peer `@mysten/sui` v2 — `SuiJsonRpcClient`) — Move L1, sub-second finality, native
+  Circle **USDC** (`suix_getCoinMetadata`-verified; no native USDT on Sui). Template B
+  (digest-bound): the proof is the tx digest, verified via balance changes + single-use.
+  Ships the standard self-gas `Coin<USDC>` transfer; Sui's protocol-level **gasless** stablecoin
+  path (no sponsor/relayer) is a documented future enhancement, not claimed on this path.
+  Wallets are `{ privateKey }` (suiprivkey1…) or `{ keypair }`; custom coins via `{ coinType, decimals }`.
+- **Tron** (`chain: 'tron'`, optional peer `tronweb`) — the largest USDT rail (~45% of
+  all USDT). Ships **USD₮ (TRC-20) only** — native USDC doesn't exist on Tron, and it's
+  **TRC-20 only** (native TRX isn't a payment asset). Digest-bound (Template B): the
+  proof is the txid, verified on the **solidity/confirmed node** and single-use. Wallets
+  are `{ privateKey }`; custom TRC-20 via `{ address, decimals }`.
+- **XRP Ledger** (`chain: 'xrpl'`, optional peer `xrpl`) — native **USDC + RLUSD**, plus
+  native XRP. Memo-bound (Template A): the nonce rides in a Memo (binding) + a derived
+  DestinationTag (deliverability). Verification compares **`delivered_amount`**, never
+  `Amount`, to defeat `tfPartialPayment`; receiving an IOU needs a one-time trustline.
+  Wallets are `{ seed }`; custom IOUs via `{ issuer, currencyHex, decimals }`.
+- Every token address verified on-chain before shipping (XRPL issuer Domains →
+  circle.com / ripple.com, codes via `gateway_balances`; Tron USD₮ decimals 6 / symbol
+  USDT via TronGrid).
+
+## [0.1.0] — 2026-06-01
+
+Initial release of the standalone PipRail SDK. One job: accept x402
+"402 Payment Required" payments on any EVM chain **and Solana**, with no
+hosted service, no account, no database, and no fee — payments settle
+straight into your wallet. The API is small and self-contained.
+
+### Accept payments
+- `requirePayment(options)` — Express/Connect middleware that gates a route.
+  Issues the `402` challenge, then verifies the payment on-chain and calls
+  `next()`.
+- `createPaymentGate(options)` — framework-agnostic core (`challenge` +
+  `verify`) for Hono, Fastify, Workers, Next.js, Bun, Deno, Adonis, etc.
+- Payments are verified **locally against the chain's RPC** — that the tx
+  succeeded, has enough confirmations, moved at least the required amount of
+  the right token to `payTo`, and was mined recently. No third party.
+- In-memory replay protection (a used-tx set + a recency window), overridable
+  via `isUsed` / `markUsed` for multi-instance deploys.
+
+### Make payments
+- `PipRailClient` — wraps `fetch`; on a `402` it pays on-chain, waits for
+  confirmation, and retries with proof. `fetch` / `get` / `post` methods and
+  `onEvent` observability. EVM wallets are `{ privateKey }` or a viem
+  `{ walletClient }`; Solana wallets are `{ secretKey }` or `{ signer }`.
+
+### Chains
+- **15 EVM mainnets + Solana + TON**, selected by name: `'ethereum'`, `'base'`,
+  `'arbitrum'`, `'optimism'`, `'polygon'`, `'bnb'`, `'avalanche'`, `'mantle'`,
+  `'sonic'`, `'linea'`, `'scroll'`, `'celo'`, `'zksync'`, `'unichain'`,
+  `'worldchain'`, `'solana'`, and `'ton'` — each with canonical USDC (and USDT
+  where it exists) pre-filled. **Every token address was verified on-chain
+  before shipping**, and each chain's default RPC was checked live.
+- **TON** (the Telegram blockchain) ships USD₮ (Tether) — verified on-chain.
+  Native USDC does **not** exist on TON (Circle doesn't issue it there), so it's
+  intentionally absent; pass a custom jetton via `{ master, decimals }` for
+  USDe / bridged tokens. TON payments use jettons (TEP-74); the proof carries
+  the gate's nonce as the transfer comment, so it's bound to its challenge, and
+  verification reads the merchant's own jetton wallet (a look-alike jetton can't
+  satisfy it). Wallets are `{ mnemonic }` (24 words) or `{ keyPair }`.
+- `token` is **required** — a gate always states exactly what it accepts
+  (`'USDC'` / `'USDT'` / `'native'` / a custom `{ address, decimals }` or
+  `{ mint, decimals }`). The symbol resolves to the right contract + decimals;
+  there is no silent default.
+- Solana and TON **auto-mount** on first use — name `chain: 'solana'` or
+  `chain: 'ton'` and the driver loads itself with one lazy import, so pure-EVM
+  installs never download them. No setup call; just install the peer deps
+  (`@solana/web3.js @solana/spl-token bs58`, or `@ton/ton @ton/core @ton/crypto`).
+- Any other EVM chain works by passing a viem `Chain` or `{ id, rpcUrl }`
+  plus a `{ address, decimals }` token. No allowlist, no testnet presets —
+  test against mainnet with small amounts.
+- Built on a `PaymentDriver` contract (EVM + Solana ship; register your own
+  with `registerDriver`). `CHAINS` and `resolveChain` are exported too.
+
+### Notes
+- Self-custody throughout: the payer signs and broadcasts their own transfer
+  to your wallet; PipRail never holds funds.
+- `viem ^2.21` is a peer dependency. Node 20+ or a modern browser.
+
+[1.0.0]: https://www.npmjs.com/package/@piprail/sdk
+[0.1.0]: https://www.npmjs.com/package/@piprail/sdk

package/ERRORS.md

@@ -0,0 +1,182 @@
+# PipRail error handling — the standard
+
+This is the **single source of truth** for how `@piprail/sdk` reports errors. It is
+deliberately small and uniform: every module — the client, the server gate, the registry,
+and every chain driver (EVM, Solana, TON, Stellar, and any future family) — follows it
+*exactly*, so a human developer, a merchant server, or an AI agent always gets a **typed,
+understandable** reason, never an opaque chain-library blob.
+
+> If you're adding a chain/family/token, the `add-chain-integration` skill points here.
+> Follow §5 (the driver contract) verbatim and your module is consistent by construction.
+
+---
+
+## 1. Two channels, and only two
+
+Every failure surfaces through exactly one of two chain-agnostic channels:
+
+| | Channel | Shape | For |
+|---|---|---|---|
+| **1** | **THROWN** | a typed [`PipRailError`](src/errors.ts) subclass with a stable `.code` | config / flow / wallet / registry / affordability problems the caller acts on |
+| **2** | **RETURNED** | `VerifyResult` `{ ok: false, error, detail }` where `error` is a `VerifyErrorCode` | the outcome of verifying an on-chain proof (server side) |
+
+- **Thrown** errors are caught with `err instanceof PipRailError`, or branched on `err.code`
+  (a stable `SCREAMING_SNAKE` string). They never leak a raw `viem`/`@solana`/`@ton`/
+  `@stellar` error for a condition the SDK recognises.
+- **Returned** `VerifyResult` is how a driver's `verify()` reports *why a proof was rejected*
+  without throwing. The gate turns `{ ok: false, error, detail }` into the canonical 402
+  body `{ x402Version: 2, status: 'invalid', error, detail }` (built once by
+  [`toInvalidBody`](src/server.ts)); the client relays it to the agent.
+
+Rule of thumb: **config/flow/wallet/registry/affordability → throw; proof-verification
+outcome → return.** Replay (`tx_already_used`) is the one verify-style code emitted by the
+*gate* (not a driver), because only the gate owns the used-proof set.
+
+---
+
+## 2. Channel 1 — thrown `PipRailError`
+
+Base class [`PipRailError`](src/errors.ts) (abstract; `.name` = the subclass name; supports
+`{ cause }`). All are exported from the package root.
+
+| `.code` | Class | Thrown when | Thrown by |
+|---|---|---|---|
+| `WRONG_FAMILY` | `WrongFamilyError` | wallet / `payTo` / token given in another family's shape (or a malformed same-family shape) | every driver (`bindWallet`, `assertValidPayTo`, `resolveToken`) |
+| `UNKNOWN_TOKEN` | `UnknownTokenError` | a built-in token symbol the chain doesn't ship (e.g. `token: 'DOGE'`) | every driver (`resolveToken`) |
+| `INSUFFICIENT_FUNDS` | `InsufficientFundsError` | wallet can't cover the transfer (+ fees/reserve/trustline) | every driver (`send`) — see §6 |
+| `WRONG_CHAIN` | `WrongChainError` | a bring-your-own `walletClient` is on a different chain than configured | EVM wallet adapter; client pre-send guard |
+| `CONFIRMATION_TIMEOUT` | `ConfirmationTimeoutError` | broadcast OK but the tx didn't confirm within the driver's window (re-check the ref) | every driver (`confirm`) |
+| `PAYMENT_TIMEOUT` | `PaymentTimeoutError` | the **server** didn't respond within `retryTimeoutMs` *after* a confirmed payment | client |
+| `MAX_RETRIES_EXCEEDED` | `MaxRetriesExceededError` | server kept returning 402 after the proof confirmed — **message embeds the last server `error — detail`** | client |
+| `PAYMENT_DECLINED` | `PaymentDeclinedError` | the client refused to pay BEFORE any send — over the spend `policy` (amount/total/chain/token/host), or an `onBeforePay` hook returned false / threw | client |
+| `INVALID_ENVELOPE` | `InvalidEnvelopeError` | a 402 had no parseable x402 challenge | client |
+| `NO_COMPATIBLE_ACCEPT` | `NoCompatibleAcceptError` | the challenge offered no `accepts[]` entry for the client's network | client |
+| `NON_REPLAYABLE_BODY` | `NonReplayableBodyError` | `init.body` isn't replayable (e.g. a one-shot stream) | client |
+| `MISSING_DRIVER` | `MissingDriverError` | a family's **optional peer deps aren't installed** (the lazy `import()` failed) — message names the exact `npm install` and sets `{ cause }` | registry loaders |
+| `UNSUPPORTED_NETWORK` | `UnsupportedNetworkError` | no driver for the family, or the driver's `resolve()` returned `null` (unrecognised `chain`) | registry |
+
+`MISSING_DRIVER` vs `UNSUPPORTED_NETWORK` is a deliberate split: *deps not installed* vs
+*chain not supported*. Don't reuse one for the other.
+
+---
+
+## 3. Channel 2 — returned `VerifyErrorCode`
+
+A closed `snake_case` union ([`x402.ts`](src/x402.ts)). A driver's `verify()` returns one of
+these on `{ ok: false, error, detail }`. **The compiler enforces the set** — you can't invent
+a code, and you must use the same code other drivers use for the same condition.
+
+| code | meaning | transient? | who emits it |
+|---|---|---|---|
+| `tx_not_found` | proof tx not on chain yet (RPC lag) or a transient RPC read failed | **transient** | all drivers |
+| `insufficient_confirmations` | mined, but `< minConfirmations` | **transient** | EVM (chains with a discrete confirmation count) |
+| `tx_reverted` | the tx is on chain but failed / reverted | definitive | all |
+| `no_meta` | the tx carries no metadata to inspect | definitive | Solana |
+| `wrong_recipient` | paid, but not to `payTo` | definitive | EVM / Solana native path |
+| `amount_too_low` | paid to `payTo`, but `< required` | definitive | all |
+| `transfer_not_found` | no matching transfer (asset / amount / nonce) to `payTo` | definitive | all |
+| `payment_expired` | older than `maxTimeoutSeconds` (replay window) | definitive | all |
+| `tx_already_used` | this proof was already redeemed (replay) | definitive | the **gate** (not drivers) |
+
+**Family-specificity is structural, not drift.** Account-watch chains (TON, Stellar) scan the
+merchant account and can't tell "wrong recipient" from "no payment", so both collapse to
+`transfer_not_found`; `no_meta` is Solana-only; `insufficient_confirmations` needs a discrete
+confirmation count (EVM). Likewise EVM/Solana digest verifiers report a short token payment as
+`transfer_not_found` (no nonce binding to point at), while nonce-bound chains (TON/Stellar)
+can say `amount_too_low`. All correct.
+
+**`transient`/`definitive` are informational.** The built-in client retries **every** code up
+to `maxPaymentRetries` with a short backoff (which absorbs RPC lag) — it does *not* branch on
+the code. A consumer building a custom client may branch on it.
+
+---
+
+## 4. What the agent receives
+
+- **Rejected proof →** a `402` with body `{ x402Version: 2, status: 'invalid', error, detail }`.
+  Always build it with [`toInvalidBody(result)`](src/server.ts) so Express, Hono, Fastify,
+  Workers, etc. emit the *identical* envelope.
+- **Client gave up →** `MaxRetriesExceededError` whose message embeds the last server
+  `error — detail` (e.g. `… Last server rejection: amount_too_low — Paid 40000, required
+  500000.`), and a `payment-failed` event carrying the same reason.
+- **Client refused to pay →** `PaymentDeclinedError` thrown *before* any on-chain send — the
+  quote exceeded the client's `policy`, or an `onBeforePay` hook returned false. Nothing moved.
+- **Config / flow / wallet problem →** a thrown `PipRailError` with a stable `.code`.
+
+Observability hooks never change control flow: the gate wraps `onPaid`, and the client routes
+every event through a private `safeEmit()` that swallows handler throws — a logging bug can't
+abort a payment.
+
+---
+
+## 5. The driver error contract (follow this verbatim)
+
+Every `PaymentDriver` / `ResolvedNetwork` method has a fixed error behaviour:
+
+| method | on error |
+|---|---|
+| `resolve(opts)` | recognise + bind, **or return `null`** (registry maps `null` → `UnsupportedNetworkError`). Never throw a raw chain error for unrecognised input. |
+| `resolveToken(token)` | unknown built-in symbol → `UnknownTokenError`; a foreign-family object token → `WrongFamilyError` (call the shared [`rejectForeignToken(token, family, network)`](src/drivers/shared.ts)); a malformed own-family token → `WrongFamilyError`. |
+| `assertValidPayTo(payTo)` | a non-family address → `WrongFamilyError`. |
+| `bindWallet(wallet)` | a foreign / unusable wallet shape → `WrongFamilyError`. |
+| `send(wallet, accept)` | wrap the broadcast; map affordability → `InsufficientFundsError` (§6); **rethrow everything else unchanged** (never swallow). |
+| `verify(ref, accept)` | **return** a `VerifyResult` with a canonical `VerifyErrorCode`. **Guard every RPC read** so a transient failure returns `tx_not_found` — `verify()` must not throw for an RPC hiccup. Re-derive the watched account from the trusted `accept`, never the client ref. |
+| `confirm(ref, n)` | broadcast-but-not-confirmed / timeout → `ConfirmationTimeoutError`. |
+
+### 6. Affordability converges on one error, by two mechanisms
+
+"Wallet can't pay" must always surface as **`InsufficientFundsError`** — but the *detection*
+is per-chain, because each library exposes a different signal:
+
+- **Message-regex drivers (Solana, TON):** `send()` does
+  `catch (err) { throw toInsufficientFundsError(err) ?? err }`. The shared
+  [`toInsufficientFundsError`](src/errors.ts) matches the common "can't afford it" messages and
+  returns `null` on a miss (so the original error propagates unchanged — never swallowed).
+- **Structured-error drivers (EVM, Stellar):** detect from typed data — EVM walks viem's
+  `BaseError` chain for a nested `InsufficientFundsError`; Stellar reads Horizon
+  `result_codes` (and treats an unfunded source account's `loadAccount` 404 as the same). Both
+  then *also* fall through to `toInsufficientFundsError` as a message-level backstop, so the
+  two paths can't drift in vocabulary.
+
+Either way the caller sees one `InsufficientFundsError` with `.code === 'INSUFFICIENT_FUNDS'`.
+
+---
+
+## 7. Registry / loader pattern
+
+- EVM is registered eagerly (`viem` is the one hard peer dep). Solana / TON / Stellar mount
+  lazily via a single dynamic `import()` in [`drivers/index.ts`](src/drivers/index.ts) the
+  first time their `chain` is named — no setup call.
+- A failed lazy `import()` → `MissingDriverError` naming the exact `npm install` + `{ cause }`.
+  The in-flight promise isn't cached on failure, so a later call can retry.
+- No driver for the family, or `resolve()` → `null` → `UnsupportedNetworkError`.
+- Add a family = one loader entry + a mirrored `drivers/<family>/` folder. Nothing else in the
+  protocol layer changes.
+
+---
+
+## 8. Shared building blocks (don't reinvent per chain)
+
+| Helper | Where | Purpose |
+|---|---|---|
+| `toInsufficientFundsError(err)` | [`errors.ts`](src/errors.ts) | message → `InsufficientFundsError \| null` (the affordability backstop) |
+| `rejectForeignToken(token, family, network)` | [`drivers/shared.ts`](src/drivers/shared.ts) | uniform `WrongFamilyError` for a foreign-family object token (data-driven; a new family is auto-covered) |
+| `toInvalidBody(result)` | [`server.ts`](src/server.ts) | the canonical 402 'invalid' JSON body for every framework adapter |
+| `delay(ms)` | [`util/async.ts`](src/util/async.ts) | the one poll/confirm delay shared by all drivers |
+| `safeEmit(event)` | client (private); the gate mirrors it with an inline try/catch around `onPaid` | observability hooks never abort the flow |
+
+---
+
+## 9. New-module error checklist
+
+```
+- [ ] verify() returns ONLY canonical VerifyErrorCode values (compiler-enforced); same code
+      as other drivers for the same condition; every RPC read guarded → tx_not_found on failure.
+- [ ] send() wraps the broadcast and maps affordability → InsufficientFundsError
+      (toInsufficientFundsError for message-only chains; structured detection + that backstop otherwise).
+- [ ] confirm() → ConfirmationTimeoutError on broadcast-but-not-confirmed.
+- [ ] resolveToken(): unknown symbol → UnknownTokenError; foreign token → rejectForeignToken(...).
+- [ ] bindWallet() / assertValidPayTo() → WrongFamilyError for the wrong shape, message names the right one.
+- [ ] loader entry throws MissingDriverError with the exact `npm install` + { cause }.
+- [ ] No raw chain error escapes for a condition the SDK recognises; the rest rethrow unchanged.
+```

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 PipRail
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.