fullstackgtm 0.10.0

package/CHANGELOG.md

@@ -0,0 +1,381 @@
+# Changelog
+
+All notable changes to the `fullstackgtm` package are documented here.
+The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and the project adheres to [Semantic Versioning](https://semver.org/).
+The path to 1.0 is planned in [docs/roadmap-to-1.0.md](./docs/roadmap-to-1.0.md).
+
+## [0.10.0] — 2026-06-10
+
+**Versioning reset to reflect beta status.** The 1.x numbering below
+(1.0.0–1.2.2) overstated maturity: those versions were development
+milestones, not a frozen public contract. 0.10.0 continues the 0.x line
+(0.9.0 was the last pre-1.x milestone) and is functionally identical to
+1.2.2 plus the status/docs corrections below. `fullstackgtm@1.2.1` and
+`@1.2.2` were briefly on npm (2026-06-10) and were unpublished the same
+week; those version numbers are permanently burned per npm policy. The real
+1.0 will be declared via [docs/roadmap-to-1.0.md](./docs/roadmap-to-1.0.md)
+once the API surface has survived external usage.
+
+### Changed
+
+- README status: "1.0 — stable" → "beta (0.x)"; API surfaces may break in
+  minor releases until 1.0 (each break will be called out here). The safety
+  invariants are explicitly not beta.
+- `docs/api.md` reframed as the 1.0 contract *candidate*.
+- MCP server now reports the real package version instead of a hardcoded
+  string.
+
+## [1.2.2] — 2026-06-10 (unpublished)
+
+Release mechanics.
+
+### Changed
+
+- **Releases publish via npm Trusted Publishing (OIDC)** from GitHub Actions
+  on the public repo — no tokens, no 2FA bypass. (1.2.1 was published
+  manually to bootstrap the package on npm.)
+- Bin paths canonicalized (no `./` prefix) to silence npm 11's
+  normalization warning during pack/publish.
+
+## [1.2.1] — 2026-06-10 (unpublished)
+
+First version published to npm.
+
+Onboarding polish: first-run verification, agent install docs, and a working
+zero-install MCP path.
+
+### Added
+
+- **`fullstackgtm doctor [--json]`**: offline install check — package/node
+  versions, credential-store and config presence, per-provider credential
+  source (env / stored / broker / none), MCP peer status, and the suggested
+  next command. `--json` for agents and orchestration.
+- **`INSTALL_FOR_AGENTS.md`**: deterministic install-and-verify steps with
+  expected outputs and exit codes, for AI agents installing the CLI.
+- **`llms.txt`**: documentation map and key invariants for LLM consumption.
+
+### Fixed
+
+- **`fullstackgtm-mcp` no longer crashes with a raw module-not-found stack
+  trace** when the optional peers are missing — it prints install guidance
+  instead (`npx fullstackgtm-mcp` alone never installs optional peers).
+- README MCP instructions now use a working zero-install invocation
+  (`npx -p fullstackgtm -p @modelcontextprotocol/sdk -p zod fullstackgtm-mcp`)
+  and include copy-paste Claude Code / generic MCP client configuration.
+
+## [1.2.0] — Unreleased
+
+Feature-completeness fan-out: filled every remaining capability gap found by
+an exhaustive census of the package and the hosted app.
+
+### Added (package)
+
+- **Stripe incremental fetch** (`fetchChanges`): filters customers and
+  subscriptions on `created[gte]`, so frequent syncs no longer re-pull the
+  full account. (Catches newly-created records; Stripe list endpoints can't
+  filter on a modification timestamp — documented on the method.)
+- **HubSpot and Salesforce now populate `lastActivityAt` and
+  `forecastCategory`** on deals (`hs_last_sales_activity_timestamp` /
+  `LastActivityDate`, and stage/`ForecastCategory` → canonical category).
+  `forecastCategory` was a dead canonical field; stale-deal detection now
+  uses true engagement time instead of falling back to sync time.
+- **`diffSnapshots` covers the activities collection** (added/removed/changed),
+  rendered in `diffToMarkdown` — previously only users/accounts/contacts/deals
+  were diffed.
+- **`patchPlanToMarkdown` renders each operation's id**, so the approval flow
+  (`plans approve --operations <ids>`) no longer requires reading JSON.
+- **MCP audit honors config** via a new `configPath` input — policy overrides
+  and third-party rule packages now work over MCP, matching the CLI.
+
+### Hosted app (not part of the package's semver surface)
+
+- **Real multi-touch attribution**: `attribution.ts` replaces a single
+  synthetic touchpoint per deal and a fabricated 8%-of-revenue budget with
+  first/last/linear/time-decay crediting (7-day half-life) over real
+  touchpoints; budget/spend read only from real fields.
+- **Consistent least-privilege role gating**: 84 write mutations across the
+  backend that lacked an admin/manager check now require one (via a new
+  `requireManager` helper); HubSpot/Salesforce `disconnect` aligned to
+  admin-or-manager. No IDOR/cross-tenant gaps existed; this closes the
+  role-gating inconsistency. Removed an unused public `getByClerkId` query.
+
+## [1.1.0] — Unreleased
+
+Feature-completeness pass: no operation type is a stub.
+
+### Added
+
+- **Connectors apply every operation type.** HubSpot and Salesforce
+  `applyOperation` now implement `link_record` (HubSpot deal→company
+  association; Salesforce `AccountId`), `create_task` (HubSpot task
+  engagement with the correct association type id; Salesforce `Task` with
+  `WhatId`/`WhoId`), and `archive_record` (HubSpot archive / Salesforce
+  delete), in addition to `set_field`/`clear_field`. Previously these were
+  silently skipped — so applying a real audit plan (whose built-in rules emit
+  `link_record` and `create_task`) now actually applies, with nothing dropped.
+- An end-to-end test proves a full demo audit plan applies with zero
+  unsupported-skips.
+
+### Fixed
+
+- HubSpot connector tolerates empty (204) response bodies from DELETE and
+  association writes instead of throwing on success.
+- App (hosted): patch-plan apply dispatches through the shared operation
+  registry, so every `set`/`do` operation a plan can be created for is also
+  applyable — the previous path only handled `deal.next_step` and threw
+  "not implemented" for everything else.
+
+## [1.0.1] — Unreleased
+
+Security and correctness fixes from an adversarial review.
+
+### Security
+
+- **Fail-closed backend auth** (app): the Convex demo bypass is enabled only
+  by an explicit `FSGTM_ENABLE_DEMO_DATA=true`, never inferred from a missing
+  Clerk issuer — a deployment that forgot to configure auth now rejects
+  requests instead of granting admin access to the direct Convex endpoint.
+- **Secrets off argv**: `login` no longer accepts tokens/client secrets as
+  flags (they leak via `ps` and shell history). Secrets are read from stdin
+  (`echo "$T" | fullstackgtm login hubspot`) or a muted interactive prompt;
+  passing `--token`/`--client-secret` is rejected.
+- **Broker tokens expire** (90-day TTL) and pairing requests are swept; a
+  leaked credentials file no longer grants indefinite org access.
+- **Device-code phishing defense**: pairing requests carry a self-reported
+  requester label shown to the approver, who is warned before granting access.
+- **Enforced credential permissions**: the home dir is forced to 0700 and
+  credential/plan files to 0600 even when pre-created at looser modes.
+- **Per-IP rate limiting** on the public pairing endpoints (replacing a global
+  counter that was a self-DoS); timing-safe smoke-bypass comparison that is
+  refused in production; provider error bodies no longer interpolated into
+  thrown errors; `openInBrowser` validates the URL scheme and fixes argument
+  injection / the Windows opener.
+
+### Fixed
+
+- `mergeSnapshots` no longer auto-merges accounts that merely share a name
+  with different/absent domains (a data-corrupting false merge); such
+  collisions are reported as `suggestions` for human review.
+- Apply paths require an `approved` plan unconditionally; a `not_required`
+  draft can no longer write to a provider.
+- The Stripe connector leaves a subscription's amount undefined for
+  metered/tiered prices instead of silently reporting 0.
+- `sampleData` probabilities corrected to the canonical 0..1 unit (were
+  0..100), matching the connectors and demo dataset.
+- Pagination loops guard against a repeated provider cursor (HubSpot and
+  Salesforce) so a misbehaving API can't loop forever; HubSpot incremental
+  search stops at its 10,000-result cap instead of erroring mid-sync.
+- The CLI pairing `describe` lookup is gated to authenticated admins/managers
+  so a requester's hostname isn't exposed to anonymous callers.
+
+## [1.0.0] — Unreleased
+
+**The contract.** From this release, the surfaces documented in
+[docs/api.md](./docs/api.md) — the canonical data model, the rule interface,
+the patch-plan format and apply safety contract, the connector contract,
+merge/diff, configuration, CLI commands and exit codes, and MCP tool
+schemas — are covered by semver: breaking changes require a major version.
+New providers and new rules are minor releases; the model only breaks at 2.0.
+
+No code changes beyond version identifiers; 1.0.0 is 0.9.0 with the
+stability commitment attached.
+
+## [0.9.0] — Unreleased
+
+### Added
+
+- **API freeze document** (`docs/api.md`, shipped in the package): the exact
+  surfaces covered by the 1.0 semver commitment — canonical model, rule
+  engine, plan/apply contract, connector contract, merge/diff, config, CLI
+  commands and exit codes, MCP tools.
+- **Performance guards in CI**: auditing and diffing a 2,000-account /
+  10,000-deal generated org must stay within linear-time budgets, catching
+  any regression to quadratic behavior.
+
+### Security
+
+- Rate limiting on the public CLI pairing endpoint (device-flow `start`),
+  bounding pairing-request floods deployment-wide.
+- Auth-surface review pass: hashed-at-rest device codes and broker tokens,
+  state-checked loopback OAuth, 0600 credential files, role-gated approvals,
+  and per-CLI revocation were verified; no further findings.
+
+## [0.8.0] — Unreleased
+
+### Added
+
+- **Stripe connector** (`createStripeConnector`) — the first non-CRM
+  connector, proving the contract generalizes to billing: customers map to
+  accounts (email domain becomes the cross-system merge key) and contacts,
+  subscriptions map to deals (cents converted to major units, status mapped
+  to won/lost/open). Read-only by design: `applyOperation` always returns
+  `skipped`. CLI `--provider stripe`, `login stripe --token sk_...`, and the
+  MCP audit source complete the wiring.
+- **Incremental fetch** (`fetchChanges(sinceIso)`): HubSpot via the CRM
+  search API (`hs_lastmodifieddate`/`lastmodifieddate` filters with paging),
+  Salesforce via `SystemModstamp` SOQL filters — frequent syncs no longer
+  re-pull whole orgs. CLI: `snapshot --provider <name> --since <iso>`.
+  Change feeds may omit associations; documented on the contract.
+- **One plan vocabulary in the hosted app**: `patchPlans.get` now returns
+  `document` — the package-typed `PatchPlan` converted from legacy rows via
+  `convex/lib/patchPlanCompat.ts` — so the dashboard review queue and
+  `fullstackgtm apply` consume the same document shape.
+
+## [0.7.0] — Unreleased
+
+### Added
+
+- **Conflict surfacing (compare-and-set)**: connectors gain `readField`, and
+  `applyPatchPlan` reads the live provider value before every field write —
+  if it no longer matches the plan's `beforeValue`, the operation returns a
+  new `conflict` result (with the current value) instead of writing blind.
+  On by default when the connector supports it; `checkConflicts: false` opts
+  out. Both HubSpot and Salesforce connectors implement `readField` through
+  the same field mappings as writes.
+
+### Notes
+
+- Incremental fetch (provider change cursors) is the remaining 0.7.x work.
+
+## [0.6.0] — Unreleased
+
+### Added
+
+- **Entity resolution across systems** (`mergeSnapshots`): collapses users
+  and contacts on email, accounts on normalized domain (then name), keeps
+  every original system id as an identity claim, gap-fills missing fields
+  (first source wins), and reports every conflicting value instead of
+  silently resolving it. Deals and activities are never merged — they are
+  provider-unique — but references are re-pointed at merged records.
+- CLI `merge --input a.json --input b.json --out merged.json` with a
+  conflict report; audit the merged view like any snapshot.
+- New cross-system rule `account-single-source` (info): on merged
+  multi-system snapshots, flags accounts known to only one source. Inert on
+  single-provider snapshots, so existing audits are unaffected.
+
+## [0.5.0] — Unreleased
+
+### Added
+
+- **Snapshot diffing** (`diffSnapshots`): added/removed records and
+  field-level changes per collection, ignoring sync-noise fields.
+- **Hygiene drift** (`diffFindings`): new vs. resolved vs. persisting
+  findings between two audits, keyed on stable finding ids.
+- CLI `diff --before <a.json> --after <b.json>` renders both (markdown or
+  `--json`) and exits 2 with `--fail-on-new-findings` — a hygiene
+  *regression* gate for nightly CI, not just a hygiene presence gate.
+- CLI `snapshot --archive <dir>` writes timestamped
+  `<provider>-<generatedAt>.json` files for snapshot history.
+
+## [0.4.0] — Unreleased
+
+### Added
+
+- **Configuration file** (`fullstackgtm.config.json`, or `--config <path>`):
+  policy thresholds, rule selection (`enabled`/`disabled`), and
+  `rulePackages` — modules exporting `rules: GtmAuditRule[]` — so a team's
+  audit standard lives in version control. CLI flags still win over config.
+- **Five new built-in rules** (10 total), each with a `category`:
+  `missing-deal-amount` (forecast), `duplicate-account-domain` and
+  `duplicate-contact-email` (data-quality, case-insensitive grouping),
+  `active-deal-account-without-contacts` (coverage), and
+  `closing-soon-inactive` (forecast, severity critical) — open deals inside
+  the closing window with no recent activity, i.e. silent slip risk.
+- Policy gains optional `requireDealAmount`, `closingSoonDays`, and
+  `closingSoonIdleDays` thresholds.
+- `rules` command resolves the configured set (including rule packages) and
+  shows categories.
+
+### Changed
+
+- Demo-dataset golden counts updated for the new rules (69 → 79 findings;
+  the duplicate rules fire on realistic generated data).
+
+## [0.3.0] — Unreleased
+
+### Added
+
+- **Durable plan workflow** (`PlanStore` + `createFilePlanStore`): plans stay
+  immutable proposals; the store tracks the lifecycle around them — approved
+  operation ids, human-supplied value overrides, and every apply run. The
+  file store keeps one JSON document per plan under `~/.fullstackgtm/plans`.
+- CLI lifecycle: `audit --save`, `plans list|show|approve|reject`, and
+  `apply --plan-id <id>` — the store enforces that nothing applies before
+  approval and records the run afterward. Approving operations can carry
+  `--value <opId>=<v>` overrides that persist with the plan.
+
+### Notes
+
+- The hosted app's Convex plan tables are the second `PlanStore`
+  implementation target; unifying them onto these types is the remaining
+  0.3.x work (see docs/roadmap-to-1.0.md).
+
+## [0.2.0] — Unreleased
+
+### Added
+
+- **Salesforce connector** (`createSalesforceConnector`) behind the same
+  `GtmConnector` contract: SOQL reads with cursor pagination, PATCH
+  write-back (correctly handling Salesforce's `204 No Content`), per-org
+  field mappings, probabilities normalized to canonical 0..1, and the same
+  never-drop-records guarantee as HubSpot.
+- **Salesforce CLI auth**: `login salesforce --device --client-id <consumer
+  key>` uses Salesforce's native device-authorization grant — a code
+  confirmed on any device, no localhost server, no client secret, silent
+  refresh. Manual `--token --instance-url` also supported.
+- **Broker mint for Salesforce**: paired CLIs exchange their broker token for
+  `accessToken + instanceUrl + fieldMappings` from the org's stored sync
+  credentials. `resolveSalesforceConnection` joins the resolution ladder.
+- CLI/MCP provider surfaces accept `salesforce` everywhere `hubspot` was
+  accepted (`--provider`, apply, MCP enums).
+
+## [0.1.0] — Unreleased
+
+Initial public release.
+
+### Core
+
+- Canonical, provider-independent GTM data model (users, accounts, contacts,
+  deals, activities) with multi-system identity claims (`identities:
+  {provider, externalId}[]`) and provider payload escape hatches.
+- Pluggable deterministic audit-rule engine (`GtmAuditRule`). Five built-in
+  hygiene rules: orphan accounts, ownerless deals, unlinked deals, past close
+  dates, stale pipeline. Finding and operation ids are stable hashes, so runs
+  over the same data are diffable.
+- Dry-run patch plans: every proposed write is a typed operation with
+  before/after values, a reason, a risk level, and an approval flag.
+- `applyPatchPlan` orchestrator enforcing the safety contract for all
+  connectors: explicit per-operation approval, no `requires_human_*`
+  placeholder writes without a concrete value override, per-operation result
+  records (`PatchPlanRun`).
+- `GtmConnector` contract (`fetchSnapshot` / `applyOperation`) and a HubSpot
+  reference connector (plain `fetch`, injected token, per-org field mappings).
+  The connector never drops unresolvable records — audits surface them.
+- Seeded deterministic demo dataset (`generateDemoSnapshot`): a realistic,
+  deliberately messy mid-market CRM with injected real-world failure modes.
+
+### CLI (`fullstackgtm`)
+
+- `snapshot` / `audit` / `apply` / `rules` — composable, JSON-everywhere,
+  meaningful exit codes (`0` success, `1` error, `2` findings at/above
+  `--fail-on` threshold).
+- Rule scoping (`--rules`), policy overrides (`--today`, `--stale-days`),
+  demo and file sources, severity gating for CI and agent loops.
+- `login hubspot` — private app token (zero web flow, validated) or
+  bring-your-own-app OAuth via RFC 8252 loopback with silent refresh.
+- `login --via <hosted url>` — broker pairing: device-flow handshake against
+  a hosted FullStackGTM deployment; the CLI exchanges a revocable broker
+  token for short-lived provider tokens minted from the org's stored sync
+  credentials, inheriting org field mappings.
+- Credential resolution ladder: `--token-env` → ambient env → stored direct
+  login → broker pairing. Stored in `~/.fullstackgtm/credentials.json`
+  (0600, `FSGTM_HOME` overridable).
+
+### MCP (`fullstackgtm-mcp`)
+
+- `fullstackgtm_audit` (sample/demo/file/live sources, rule scoping),
+  `fullstackgtm_rules`, and `fullstackgtm_apply` (requires explicit
+  `approvedOperationIds`) over stdio.
+
+[0.1.0]: https://github.com/fullstackgtm/fullstackgtm/tree/main/packages/fullstackgtm

package/INSTALL_FOR_AGENTS.md

@@ -0,0 +1,87 @@
+# Installing fullstackgtm (for AI agents)
+
+Deterministic install-and-verify steps. Every command is non-interactive, every
+check has an expected output, and nothing here writes to a CRM.
+
+## 1. Install
+
+```bash
+npm install -g fullstackgtm
+# or project-local: npm install fullstackgtm
+# or zero-install: prefix the commands below with `npx`
+```
+
+Requires Node >= 20. No other runtime dependencies.
+
+## 2. Verify
+
+```bash
+fullstackgtm doctor --json
+```
+
+Expect a JSON object with `node.ok: true` and `package.version` set. The
+`providers` map shows `"source": "none"` for every provider on a fresh
+machine — that is normal and does not block the next step.
+
+## 3. First value, zero credentials
+
+```bash
+fullstackgtm audit --demo --json
+```
+
+Expect a JSON patch plan with `dryRun: true` and ~80 findings over a generated,
+deliberately messy CRM. Deterministic per seed: `--seed 7` is the default, so
+two runs produce identical finding and operation ids. Exit code 0.
+
+This proves the whole pipeline (snapshot → audit → plan) without any account.
+
+## 4. Connect a real provider (requires a human or stored credentials)
+
+Credential resolution ladder, first match wins:
+
+1. `--token-env <NAME>` — explicit env var for one invocation
+2. Ambient env: `HUBSPOT_ACCESS_TOKEN`, or `SALESFORCE_ACCESS_TOKEN` + `SALESFORCE_INSTANCE_URL`, or `STRIPE_SECRET_KEY`
+3. Stored login: `fullstackgtm login <provider>` (interactive; a human runs this once)
+4. Broker pairing: `fullstackgtm login --via <hosted url>` (a human approves the pairing code)
+
+In an agent sandbox, prefer rung 1 or 2. Never echo tokens into argv —
+`login` reads secrets from stdin only.
+
+```bash
+HUBSPOT_ACCESS_TOKEN=$TOKEN fullstackgtm audit --provider hubspot --json --out plan.json
+```
+
+Exit codes everywhere: `0` success, `1` error, `2` findings at/above `--fail-on`.
+
+## 5. Writes are approval-gated — by design
+
+`audit` never mutates anything. `apply` writes only operation ids explicitly
+passed via `--approve`, and refuses `requires_human_*` placeholder values
+unless a concrete `--value <opId>=<v>` override is supplied. Do not attempt to
+bypass this; surface the plan to a human instead:
+
+```bash
+fullstackgtm audit --provider hubspot --save     # persists plan to ~/.fullstackgtm/plans
+fullstackgtm plans list                          # a human reviews and approves
+```
+
+## 6. MCP server (optional)
+
+The MCP entrypoint needs optional peers that plain `npx fullstackgtm-mcp`
+does not install:
+
+```bash
+npx -p fullstackgtm -p @modelcontextprotocol/sdk -p zod fullstackgtm-mcp
+```
+
+Tools exposed over stdio: `fullstackgtm_audit` (read-only),
+`fullstackgtm_rules`, `fullstackgtm_apply` (requires `approvedOperationIds`).
+
+## Troubleshooting
+
+| Symptom | Fix |
+| --- | --- |
+| `fullstackgtm: command not found` | Re-run with `npx fullstackgtm`, or check global npm bin is on PATH |
+| `No HubSpot credentials` (exit 1) | Set `HUBSPOT_ACCESS_TOKEN` or have a human run `fullstackgtm login hubspot` |
+| MCP server prints peer-dependency help | Install `@modelcontextprotocol/sdk` and `zod` (see step 6) |
+| Need machine state for orchestration | `fullstackgtm doctor --json` |

package/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.