synology-office-mcp 0.4.6

package/.env.example

@@ -0,0 +1,139 @@
+# ============================================================
+# REQUIRED — Synology NAS Connection
+# ============================================================
+
+# NAS hostname or IP address
+SYNO_HOST=192.168.1.100
+
+# NAS port (5000 = HTTP, 5001 = HTTPS)
+SYNO_PORT=5001
+
+# Use HTTPS (true/false)
+SYNO_HTTPS=true
+
+# Accept self-signed TLS certificate (default: false — secure-by-default).
+# Set true ONLY for home NAS setups with self-signed certs you trust.
+# WARNING: true disables MITM protection on the NAS connection.
+SYNO_IGNORE_CERT=false
+
+# DSM credentials
+SYNO_USERNAME=your_nas_user
+SYNO_PASSWORD=your_nas_password
+
+# 2FA OTP code (leave empty if not using 2FA).
+# NOTE: DSM does NOT have "Application Passwords" (that is a Google/Microsoft
+# concept, not a Synology one). For 2-step-verification accounts, the only
+# fully supported path for unattended automation — including the Spreadsheet
+# container, whose /authorize endpoint does NOT accept OTP — is to create a
+# dedicated DSM service account WITHOUT 2FA enabled.
+SYNO_OTP_CODE=
+
+# ============================================================
+# OPTIONAL — Feature Flags
+# ============================================================
+
+SYNO_ENABLE_DRIVE=true
+SYNO_ENABLE_SPREADSHEET=true
+SYNO_ENABLE_MAILPLUS=true
+SYNO_ENABLE_CALENDAR=true
+
+# ============================================================
+# OPTIONAL — MCP Server Transport
+# ============================================================
+
+# Transport mode: "stdio" or "sse"
+MCP_TRANSPORT=stdio
+
+# SSE port (only used when MCP_TRANSPORT=sse)
+MCP_SSE_PORT=3100
+
+# SSE host binding (use 127.0.0.1 for local-only)
+MCP_SSE_HOST=127.0.0.1
+
+# ============================================================
+# OPTIONAL — Security
+# ============================================================
+
+# Shared secret for SSE mode.
+# REQUIRED when MCP_SSE_HOST is not a loopback address (127.0.0.1 / ::1 / localhost).
+# Server will refuse to start if SSE is bound to LAN/public host without a token.
+MCP_AUTH_TOKEN=
+
+# ============================================================
+# OPTIONAL — Logging
+# ============================================================
+
+# Log level: "debug" | "info" | "warn" | "error"
+LOG_LEVEL=info
+
+# Log file path (leave empty to log to stderr only)
+LOG_FILE=
+
+# ============================================================
+# OPTIONAL — Performance
+# ============================================================
+
+# Session token TTL in milliseconds (default: 23 hours)
+SYNO_TOKEN_TTL_MS=82800000
+
+# HTTP request timeout in milliseconds
+SYNO_REQUEST_TIMEOUT_MS=30000
+
+# ============================================================
+# OPTIONAL — Spreadsheet REST API (Synology Office >= 3.6.0)
+# ============================================================
+# Used by the Spreadsheet client and scripts/smoke-spreadsheet.mjs.
+# Defaults to SYNO_HOST when SYNO_SS_HOST is unset.
+
+# Hostname of the synology/spreadsheet-api endpoint
+SYNO_SS_HOST=
+
+# Port of the spreadsheet-api endpoint (container default: 3000)
+SYNO_SS_PORT=3000
+
+# Use HTTPS for the spreadsheet-api endpoint (true/false)
+SYNO_SS_HTTPS=false
+
+# ------------------------------------------------------------
+# Spreadsheet container's DSM back-channel (advanced, optional)
+# ------------------------------------------------------------
+# When you call /spreadsheets/authorize, the container makes its OWN back-call
+# to DSM to validate credentials. Three knobs below control THAT back-call,
+# independent of the MCP→DSM connection (SYNO_HOST/PORT/HTTPS).
+#
+# Why these exist: the synology/spreadsheet-api Docker image ships without
+# DSM's self-signed CA, so HTTPS back-calls to a homelab DSM fail TLS verify
+# and return 401 — even when credentials are correct. Pointing the back-call
+# at DSM's HTTP port works around this without weakening MCP→DSM TLS.
+#
+# All three default to the matching SYNO_* value. Leave blank if DSM uses a
+# trusted cert (or the container has the CA installed).
+#
+# DSM host the container should back-call (defaults to SYNO_HOST)
+SYNO_SS_DSM_HOST=
+#
+# DSM port for the container's back-call (defaults to SYNO_PORT).
+# Common: 5000 (HTTP) or your custom DSM HTTP port.
+SYNO_SS_DSM_PORT=
+#
+# Use HTTPS for the container's back-call (defaults to SYNO_HTTPS).
+# Set false when the container rejects DSM's self-signed cert.
+SYNO_SS_DSM_HTTPS=
+
+# ------------------------------------------------------------
+# Notes on 401 from /spreadsheets/authorize
+# ------------------------------------------------------------
+# The endpoint validates DSM credentials via the container's own back-call.
+# Common causes (most frequent first):
+#   1. Container rejects DSM's self-signed TLS cert — set SYNO_SS_DSM_HTTPS=false
+#      and SYNO_SS_DSM_PORT to DSM's HTTP port (default 5000) to bypass.
+#   2. Container cannot reach DSM at the back-call URL (Docker bridge, firewall,
+#      wrong host). Test from inside the container:
+#        docker exec <ss-container> curl -kv https://DSM_HOST:DSM_PORT/webapi/...
+#   3. DSM auto-block triggered against the container's source IP. Unblock and
+#      whitelist the Docker subnet (Control Panel → Security → Account).
+#   4. User lacks Synology Office privilege (Control Panel → Application
+#      Privileges → Synology Office).
+#   5. Wrong DSM credentials. The endpoint does NOT accept OTP — for 2FA
+#      accounts, use a dedicated service account without 2FA enabled.
+#      DSM has NO "Application Password" feature despite what some docs claim.

package/CHANGELOG.md

@@ -0,0 +1,257 @@
+# Changelog
+
+All notable changes to **synology-office-mcp** are documented in this file.
+
+The format follows [Keep a Changelog 1.1.0](https://keepachangelog.com/en/1.1.0/) and this project adheres to [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html).
+
+> Pre-1.0 status: minor versions (`0.x.0`) deliver shipping milestones from the [implementation plan](./plans/260426-1222-synology-office-mcp/plan.md). The public surface (CLI, env vars, MCP tools) may still change between minor versions until `1.0.0`.
+
+## [Unreleased]
+
+---
+
+## [0.4.6] - 2026-05-03
+
+### Added
+- Landing page link at the top of `README.md` (https://synology-mcp-server.smb-base.com/).
+- Quick Start now walks through deploying the official `synology/spreadsheet-api` Docker container, the DSM access/whitelist steps, and the homelab self-signed-cert workaround (`SYNO_SS_DSM_HTTPS=false` + `SYNO_SS_DSM_PORT=5000`).
+- Quick Start env block expanded to cover `SYNO_SS_*` variables (host, port, https) and back-call overrides (`SYNO_SS_DSM_*`).
+
+### Changed
+- Quick Start restructured into three numbered steps: container deploy → env vars → run server.
+
+---
+
+## [0.4.5] - 2026-05-01
+
+### Added — Documentation refresh
+- New `usage-guide.md` at repo root: sample natural-language prompts for every one of the 37 MCP tools, plus composite-workflow examples and tips (absolute paths, ISO 8601, register-by-name, confirm-pattern).
+- `integration-guide.md`: added a **Remove MCP** subsection to every client section (Claude Desktop, Cursor, Continue.dev, Windsurf/Codeium, OpenAI Codex CLI, Google Antigravity, ChatGPT, BabyAGI/AutoGPT, LangChain, LlamaIndex, Generic SDK) so operators have a paired install/uninstall path.
+
+### Changed
+- Tool count corrected to **37** across `README.md` (Features matrix, Quick summary, Documentation table) and `tool-reference.md` (header + Spreadsheet section). Spreadsheet module grew from 8 → 13 tools.
+- Spreadsheet section in `tool-reference.md` now documents the five tools added during 0.4.x: `spreadsheet_register`, `spreadsheet_get_styles`, `spreadsheet_batch_update`, `spreadsheet_rename_sheet`, `spreadsheet_delete_sheet`.
+
+### Why
+Docs had drifted behind the 0.4.x spreadsheet expansion. New users following `README.md` saw a stale tool count and missed the register-by-name flow that several spreadsheet tools rely on.
+
+### Verified
+- Security scan across `src/`, `tests/`, and all root `*.md` documents: zero hard-coded credentials, private keys, or real tokens. Only placeholders (`your_password`, `192.168.1.100`) and intentional test fixtures (with redaction tests in `tests/utils/logger.test.ts`).
+- `git ls-files` confirms only `.env.example` is tracked; `.env*` remains gitignored.
+
+---
+
+## [0.4.4] - 2026-04-30
+
+### Added — Independent DSM back-channel for the Spreadsheet container
+- New env vars `SYNO_SS_DSM_HOST` / `SYNO_SS_DSM_PORT` / `SYNO_SS_DSM_HTTPS` control the URL the Spreadsheet container uses to back-call DSM (the `host` / `protocol` fields in `/spreadsheets/authorize`). Each falls back to the matching `SYNO_*` value when unset, so existing setups keep working.
+- New `SynologyConfig` fields: `spreadsheetDsmHost`, `spreadsheetDsmPort`, `spreadsheetDsmHttps`.
+
+### Why
+The `synology/spreadsheet-api` Docker image ships without DSM's self-signed CA, so HTTPS back-calls to a homelab DSM fail TLS verification and the container returns `401 Unauthorized` even when credentials are correct. Previously the back-call URL was hard-wired to `SYNO_HOST/PORT/HTTPS`, forcing operators to choose between (a) downgrading the entire MCP→DSM connection to HTTP or (b) installing a CA inside the container. With this change, only the container's back-call is downgraded to HTTP — MCP→DSM stays on HTTPS as configured.
+
+### Fixed — Auth-failure error hint
+- Reordered 401 root-cause hint by observed frequency (TLS verify first, not 2FA).
+- Removed incorrect references to "DSM Application Password" — DSM has no such feature; the previous hint sent operators chasing a menu that does not exist.
+- Hint now points operators at the new `SYNO_SS_DSM_*` knobs as the primary fix.
+
+### Documentation
+- `.env.example`: documented all three `SYNO_SS_DSM_*` vars and rewrote the 401 troubleshooting section.
+- `troubleshooting.md`: new "Spreadsheet `/spreadsheets/authorize` Returns 401" section with diagnose/fix recipe; corrected 2FA guidance (no Application Password feature in DSM).
+- `docs/project/synology-office-mcp-spec.md`: added `SYNO_SS_*` block to env-var reference and updated `SynologyConfig` schema.
+
+### Migration
+- No breaking changes. Setups that worked previously continue to work — the new vars default to the matching `SYNO_*` values. If you were hitting `401` on `/spreadsheets/authorize` with HTTPS DSM, set `SYNO_SS_DSM_HTTPS=false` and `SYNO_SS_DSM_PORT=<DSM HTTP port>`.
+
+---
+
+## [0.4.3] - 2026-04-29
+
+### Fixed — Spreadsheet auth diagnostics & env-var consistency
+- Spreadsheet API endpoint now configurable via `SYNO_SS_HOST` (defaults to `SYNO_HOST`); previously the host was hardcoded to `SYNO_HOST` with no override
+- Renamed env vars to a single canonical naming: `SYNO_SS_HOST` / `SYNO_SS_PORT` / `SYNO_SS_HTTPS` (matches `scripts/smoke-spreadsheet.mjs`)
+- Removed undocumented `SYNO_SPREADSHEET_PORT` / `SYNO_SPREADSHEET_HTTPS` — these were silently ignored by `claude mcp add` setups using `SYNO_SS_*`
+- Auth-failure error message now lists the four common 401 causes (wrong creds, 2FA without app password, container cannot reach DSM, DSM auto-block) and prints the DSM URL the Spreadsheet container is reaching
+- Added 2FA app-password caveat to `.env.example` (the `/spreadsheets/authorize` endpoint does not accept OTP)
+
+### Migration
+- If you previously set `SYNO_SPREADSHEET_PORT` / `SYNO_SPREADSHEET_HTTPS`, rename them to `SYNO_SS_PORT` / `SYNO_SS_HTTPS`. Defaults (`3000` / `false`) are unchanged.
+
+---
+
+## [0.3.3] - 2026-04-27
+
+### Changed — Documentation restructure
+- Removed `AGENTS.md` (OpenCode no longer used) and `files/dockers/README.md` (duplicated `deployment-guide.md`)
+- Moved `files/docs/{security,troubleshooting,tool-reference,integration-guide}.md` to repo root
+- Removed `files/docs/deployment.md` (subset of `deployment-guide.md`)
+- Split `SECURITY.md` (disclosure-only) from new `security-model.md` (threat model, transport security, redaction)
+- Updated all cross-links and bumped stale version refs (`0.2.0`/`0.7.0`) across docs
+
+---
+
+## [0.3.2] - 2026-04-27
+
+Move doc files.
+
+## [0.3.1] - 2026-04-27
+
+### Fixed — DSM 7.3.2 namespace and shape alignment
+
+DSM 7.3.2 returned error 102 ("API does not exist") for legacy namespaces. Renamed all client API references to the namespaces actually exposed by DSM 7.3.2 and adapted Drive request params + response shape accordingly.
+
+#### Namespace renames
+- Drive: `SYNO.Drive.Files` → `SYNO.SynologyDrive.Files`
+- Drive sharing: `SYNO.Drive.Sharing` → `SYNO.SynologyDrive.Sharing`
+- MailPlus: `SYNO.MailPlus.{Folder,Message,Compose,Attachment}` → `SYNO.MailClient.{Mailbox,Message,Draft,Attachment}`
+- Spreadsheet: `SYNO.Office.Spreadsheet` → `SYNO.Office.Sheet.Snapshot` (operations) + `SYNO.Office.Export` (export)
+- Calendar: `SYNO.Cal.*` (already correct, no change)
+
+#### Drive shape adaptation (DSM 7.3.2)
+- `list` / `search` use `path` parameter (not legacy `folder_path`); `search` uses `keyword` (not `query`)
+- Response wrapper: `{ total, items }` (not `{ total, offset, files }`)
+- Item fields: `file_id`, `display_path`, `modified_time`, `created_time`, `owner.name`, `capabilities` map → `perm.acl`
+- `get` drops obsolete `additional` JSON param — DSM 7.3.2 returns full metadata by default
+
+#### Verified
+- 311/311 unit tests passing
+- Live NAS smoke test on DSM `7.3.2-86009 update 3`: 6/6 read-only tools pass; `drive_list_files` returns real metadata end-to-end
+
+### Notes
+- Drive write operations (upload/move/delete/create_folder/sharing) have correct namespace but params/response shape not yet validated against live NAS — recommend smoke testing before relying on writes.
+- MailPlus and Office tools verified namespace-only on live NAS (test user lacked mail/Office package permissions for full payload validation).
+
+---
+
+## [0.3.0] - 2026-04-26
+
+### Added — All modules milestone (Phases 02–08)
+
+#### Drive module (Phase 02)
+- `DriveClient` wrapping `SYNO.Drive.Files` and `SYNO.Drive.Labels` APIs
+- 11 MCP tools: `drive_list_files`, `drive_search_files`, `drive_get_file_info`, `drive_download_file`, `drive_upload_file`, `drive_create_folder`, `drive_move_file`, `drive_delete_file`, `drive_get_sharing_link`, `drive_list_labels`, `drive_add_label`
+- Confirm-required guard on `drive_delete_file` and `drive_move_file`
+- MSW-mocked unit tests + smoke tests gated by `SMOKE_TEST=1`
+
+#### Spreadsheet module (Phase 03)
+- `SpreadsheetClient` wrapping `SYNO.Office.Spreadsheet` APIs
+- 8 MCP tools: `spreadsheet_list`, `spreadsheet_get_info`, `spreadsheet_read_sheet`, `spreadsheet_write_cells`, `spreadsheet_append_rows`, `spreadsheet_add_sheet`, `spreadsheet_create`, `spreadsheet_export`
+- Confirm-required guard on `spreadsheet_write_cells` and `spreadsheet_append_rows`
+
+#### MailPlus module (Phase 04)
+- `MailPlusClient` wrapping `SYNO.MailPlus` APIs
+- 6 MCP tools: `mailplus_list_folders`, `mailplus_list_messages`, `mailplus_get_message`, `mailplus_send_message`, `mailplus_move_messages`, `mailplus_mark_messages`
+- Confirm-required guard on `mailplus_send_message` and `mailplus_move_messages`
+
+#### Calendar module (Phase 05)
+- `CalendarClient` wrapping `SYNO.Cal` APIs
+- 7 MCP tools: `calendar_list_calendars`, `calendar_list_events`, `calendar_get_event`, `calendar_create_calendar`, `calendar_create_event`, `calendar_update_event`, `calendar_delete_event`
+- Confirm-required guard on `calendar_create_event`, `calendar_update_event`, and `calendar_delete_event`
+
+#### MCP integration (Phase 06)
+- Full MCP server bootstrap with stdio and SSE transports
+- Tool registry wiring all 32 tools
+- Resources: Drive file tree (`drive://files`), MailPlus folder list (`mailplus://folders`), calendar list (`calendar://calendars`)
+- Prompts: `summarize_drive_folder`, `draft_email`, `weekly_agenda`
+- SSE: origin guard, bearer-auth middleware, loopback-enforcement at startup
+
+#### Hardening (Phase 07)
+- Retry with exponential backoff (max 3 attempts) on transient network errors and Synology codes 108/119
+- Structured JSON logging via `LOG_LEVEL` env var
+- Graceful shutdown: SIGINT/SIGTERM triggers best-effort Synology logout + SSE client drain
+- Request timeout enforcement via `AbortSignal.timeout()` and `SYNO_REQUEST_TIMEOUT_MS`
+
+#### Docs & release prep (Phase 08)
+- `docs/tool-reference.md` — full 32-tool reference table
+- `docs/deployment.md` — Docker, systemd, Synology scheduled task
+- `docs/troubleshooting.md` — Synology error codes + fixes
+- `docs/security.md` — detailed threat model
+- `examples/` — Claude Desktop config, Claude Code add script, GoClaw config, smoke-test script
+- `.github/workflows/release.yml` — tag-triggered npm publish with provenance
+
+### Changed
+- `src/index.ts` promoted from Phase 01 stub to full MCP server entry point
+- `package.json` version bumped to `0.3.0`; added `exports` field
+- README updated to reflect v0.3.0 milestone with all modules shipped
+
+### Notes
+- 311 unit tests passing; smoke tests against real DSM 7.2.2 pending before v1.0.0
+- v1.0.0 target: real-NAS smoke test validation, changelog-driven release cut
+
+---
+
+## [0.2.0] — 2026-04-26
+
+### Added — Foundation milestone (Phase 01)
+
+#### Project hygiene
+- MIT-licensed open-source repository scaffold (`LICENSE`, `README.md`, `CONTRIBUTING.md`, `CHANGELOG.md`, `SECURITY.md`, `CODE_OF_CONDUCT.md`)
+- GitHub issue templates (bug report, feature request) under `.github/ISSUE_TEMPLATE/`
+- GitHub Actions CI workflow (`typecheck`, `lint`, `test`, `build` on Node 22)
+- pnpm workspace with strict `engines` requirement (Node `>=22.0.0`, pnpm `>=9.0.0`)
+- `tsup` build pipeline emitting ESM-only `dist/`
+- Husky + lint-staged pre-commit hooks (typecheck, ESLint, Prettier on staged files)
+- Prettier + ESLint flat config + `typescript-eslint` strict ruleset
+
+#### Configuration
+- `loadConfig()` with Zod schema validation (`src/config.ts`)
+- Coercion helpers for boolean / int env vars with defaults
+- SSE auth-required guard: rejects startup when `MCP_TRANSPORT=sse` is bound to a non-loopback host without `MCP_AUTH_TOKEN`
+- Fully documented `.env.example` covering NAS connection, feature flags, transport, security, logging, and performance
+
+#### Authentication & HTTP
+- `AuthManager` (`src/auth/auth-manager.ts`)
+  - Login via `SYNO.API.Auth` v6 with `format=sid`
+  - Credentials sent via `POST` form body — never in URL
+  - `undici.Agent` opt-in for self-signed cert bypass (`SYNO_IGNORE_CERT=true`)
+  - Best-effort `logout()` on shutdown
+- `TokenCache` (`src/auth/token-cache.ts`) — in-memory TTL cache with explicit invalidation
+- `BaseClient` (`src/clients/base-client.ts`) — abstract HTTP base
+  - `_sid` forwarded via `Cookie: id=<sid>` header (kept out of URL/access logs)
+  - Single retry on Synology codes `108` / `119` (session expired) and HTTP 401
+  - `AbortSignal.timeout()` enforcement using `SYNO_REQUEST_TIMEOUT_MS`
+  - Response envelope unwrapping with typed errors
+
+#### Error model
+- `SynologyMcpError` base class with `code`, `synoCode`, and `retryable`
+- Specialised: `AuthError`, `NotFoundError`, `PermissionError`, `ValidationError`, `NetworkError`
+- `mapSynologyError()` translates Synology numeric codes to typed exceptions
+
+#### Security utilities
+- `redactSensitive()` — strips `passwd`, `_sid`, `otp_code`, bearer tokens from log payloads
+- `pathGuard()` — blocks path traversal (`..`, absolute escapes) at tool boundary
+- `originGuard()` — Origin / Host validation for SSE transport
+- `bearerAuth()` — constant-time bearer-token comparison for SSE
+
+#### Types
+- `AppConfig`, `SynologyConfig`, `McpConfig` interfaces
+- `SynologyResponse<T>` envelope with discriminated `success` flag
+- MCP tool / resource / prompt type stubs ready for Phase 06
+
+#### Tests
+- Vitest configuration with v8 coverage reporter
+- MSW-based HTTP mocking helpers in `tests/setup.ts`
+- Unit suites: `config`, `token-cache`, `bearer-auth`, `origin-guard`, `path-guard`, `redact`
+
+### Notes
+- `src/index.ts` is intentionally a Phase 01 stub — full MCP server bootstrap (stdio + SSE transports, tool registry) ships in `0.7.0` per the [phased plan](./plans/260426-1222-synology-office-mcp/plan.md).
+- No module clients (`Drive`, `Spreadsheet`, `MailPlus`, `Calendar`) are wired yet — see Roadmap in [README](./README.md#roadmap).
+
+---
+
+## [0.1.0] — 2026-04-25
+
+### Added
+- Initial repository scaffold and project specification
+- `docs/project/synology-office-mcp-spec.md` — full implementation specification (2 281 lines covering architecture, tools, resources, prompts, security, deployment)
+- Phase-based implementation plan under `plans/260426-1222-synology-office-mcp/` (8 phases)
+
+---
+
+[Unreleased]: https://github.com/vocweb/synology-mcp-server/compare/v0.3.3...HEAD
+[0.3.3]: https://github.com/vocweb/synology-mcp-server/compare/v0.3.2...v0.3.3
+[0.3.2]: https://github.com/vocweb/synology-mcp-server/compare/v0.3.1...v0.3.2
+[0.3.1]: https://github.com/vocweb/synology-mcp-server/compare/v0.3.0...v0.3.1
+[0.3.0]: https://github.com/vocweb/synology-mcp-server/compare/v0.2.0...v0.3.0
+[0.2.0]: https://github.com/vocweb/synology-mcp-server/compare/v0.1.0...v0.2.0
+[0.1.0]: https://github.com/vocweb/synology-mcp-server/releases/tag/v0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Tien Chu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.