delego 0.2.0__tar.gz

delego-0.2.0/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,32 @@
+<!-- Fork the repo and open this PR from a branch in your fork. See CONTRIBUTING.md. -->
+
+## What & why
+
+<!-- What does this change do, and why? Link any issue. -->
+
+## AI assistance disclosure (required)
+
+<!-- AI-assisted PRs are welcome but get stricter review. Be specific. -->
+
+- [ ] No AI assistance.
+- [ ] AI-assisted. Tool(s) and how used: ______
+- [ ] AI-generated, human-reviewed. I have read every line and am accountable for it.
+
+## Checklist
+
+- [ ] Forked the repo; this PR comes from a branch in my fork.
+- [ ] `pytest` passes locally.
+- [ ] `python examples/demo.py` still shows all eight scenarios + tamper detection.
+- [ ] **Tests added/updated** for the behaviour changed (or explained why none are needed).
+- [ ] Updated `README.md` and `CHANGELOG.md` for any behaviour change.
+- [ ] I have **not weakened any design invariant** (see `CONTRIBUTING.md` / `ARCHITECTURE.md`):
+  no LLM in the authorization path; no credential custody; fail-closed; approvals
+  bound to fingerprint + intent and single-use; append-only signed audit chain;
+  fixed evaluation order.
+
+## Protocol / spec impact
+
+- [ ] No normative/protocol behaviour changed.
+- [ ] Normative behaviour changed — the [wire spec](https://github.com/Delego-Dev/specification)
+  and its CTK vectors are updated (or a linked spec PR does so), and
+  `__protocol_version__` stays ≤ the spec version.

delego-0.2.0/.github/workflows/ci.yml

@@ -0,0 +1,38 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: test (py${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: pip
+
+      - name: Install (editable, with dev extras)
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Run the test suite
+        run: pytest
+
+      - name: Run the demo (the de facto spec)
+        run: python examples/demo.py

delego-0.2.0/.github/workflows/release.yml

@@ -0,0 +1,49 @@
+name: Release
+
+# Publishes to PyPI when a GitHub Release is published, using PyPI Trusted
+# Publishing (OIDC) — no API token is stored in the repo. One-time setup: add a
+# trusted publisher on PyPI for project `delego`, repo `Delego-Dev/delego`,
+# workflow `release.yml`, environment `pypi`. See CONTRIBUTING.md.
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build sdist + wheel
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Build
+        run: |
+          python -m pip install --upgrade pip build
+          python -m build
+      - name: Check metadata
+        run: |
+          python -m pip install twine
+          twine check dist/*
+      - uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write # required for trusted publishing (OIDC)
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+      - uses: pypa/gh-action-pypi-publish@release/v1

delego-0.2.0/.gitignore

@@ -0,0 +1,22 @@
+# macOS
+.DS_Store
+
+# Python
+__pycache__/
+*.pyc
+*.egg-info/
+.pytest_cache/
+build/
+dist/
+.venv/
+venv/
+
+# local delego state (keys, ledger, approvals) — never commit
+.delego/
+*.pem
+*.pub
+audit.log.jsonl
+approvals.jsonl
+
+# Claude Code local guidance (not part of the public repo)
+CLAUDE.md

delego-0.2.0/ARCHITECTURE.md

@@ -0,0 +1,90 @@
+# Architecture
+
+How delego is put together, and the invariants that define it. For the rules on
+*contributing* changes (including the design invariants you must not break), see
+[CONTRIBUTING.md](CONTRIBUTING.md). The wire protocol is specified separately at
+[Delego-Dev/specification](https://github.com/Delego-Dev/specification), which
+**leads** this reference (see [CONTRIBUTING.md](CONTRIBUTING.md)).
+
+## What delego is
+
+delego is a **policy & audit firewall for agent actions**. It sits between an
+agent and whatever credential broker holds the user's secrets, and answers the
+question brokers don't: *is this specific action the thing the human actually
+asked for?*
+
+```
+agent ──propose──▶ delego ──if allowed──▶ credential broker ──▶ service
+(LLM)            (policy +              (holds the secret,      (bank, SaaS,
+                  approval +             injects it, forwards)    API)
+                  audit)
+                    └── needs_approval ──▶ human (CLI)
+```
+
+Credential brokering (the agent never holds the secret) is a crowded, converging
+space. The harder problem delego targets is the **confused deputy**: the agent
+holds a *valid* credential, a prompt injection redirects it, the scope *covers*
+the action, so a broker happily injects the secret. The credential is the wrong
+layer to catch this — it's valid. delego authorises the *action*,
+deterministically, before any credential is used, and leaves tamper-evident proof
+of why.
+
+## Design invariants
+
+These are the reason the tool exists; a change that breaks one breaks the
+product. They are enumerated, with the "do not violate" framing, in
+[CONTRIBUTING.md](CONTRIBUTING.md):
+
+1. **No LLM in the authorization path** (`policy.py`, `engine.py`).
+2. **delego holds no credentials** and makes no upstream request itself.
+3. **Fail closed** — default `deny`; a matched-but-failed constraint is a deny.
+4. **Approvals are bound to the exact action fingerprint *and* intent, and are
+   single-use** (the confused-deputy guard in `engine.resolve`).
+5. **The audit ledger is append-only, hash-chained, and Ed25519-signed.**
+6. **Evaluation order is fixed:** forbidden → rules (first match wins) → default.
+
+## Evaluation order
+
+`policy.evaluate` is the deterministic core:
+
+1. **`forbidden`** — hard blocks, always deny, checked first.
+2. **`rules`** — first matching rule decides (`allow` / `needs_approval`),
+   subject to its constraints. A matched rule whose constraints fail becomes a
+   deny (fail-closed).
+3. **`default`** — used when nothing matched (recommended: `deny`).
+
+## Repo map
+
+- `delego/models.py` — `ProposedAction` (derives `intent_hash` from the
+  instruction, `fingerprint` from method+host+path+params) and `Decision`.
+- `delego/policy.py` — the deterministic engine: load YAML, match rules, check
+  constraints (`amount`, `allow_list`, `rate_limit`). **No LLM here.**
+- `delego/audit.py` — tamper-evident receipt chain; `ensure_keys`, `append`,
+  `verify`, `count_allows` (rate limiting reads the ledger).
+- `delego/approval.py` — file-backed human approval queue
+  (pending/approved/denied/consumed).
+- `delego/brokers.py` — `BrokerAdapter` protocol; `NullBroker` (default, holds no
+  creds, simulates execution) and `HTTPProxyBroker` (sketch, not wired).
+- `delego/engine.py` — `Firewall.propose()` / `Firewall.resolve()`; the
+  confused-deputy guard lives in `resolve`.
+- `delego/config.py` — `Paths.resolve` (home precedence), the `.gitignore`
+  written into the home, and `build_firewall()` (single wiring point for CLI +
+  MCP; loads the policy first so a missing/invalid policy fails closed).
+- `delego/cli.py` — the `delego` CLI: init, home, policy, pending, approve, deny,
+  log, verify.
+- `delego/mcp_server.py` — FastMCP server exposing `delego_propose_action`,
+  `delego_resolve_action`, `delego_audit_tail`, `delego_show_policy`.
+- `examples/demo.py` — end-to-end walkthrough; the de facto behavioural spec.
+- `tests/` — pytest suite (the demo scenarios + invariant guards).
+- `policy.example.yaml` — a generic starter policy for an HTTP/JSON API.
+
+## Conventions
+
+- Python ≥ 3.10. Core models use dataclasses (keep runtime deps light and
+  auditable — this is a security tool). Pydantic only at the MCP boundary.
+- FastMCP tools: name `delego_<verb>`, always set `annotations`
+  (`readOnlyHint` / `destructiveHint` / `idempotentHint` / `openWorldHint`) and
+  document the JSON return shape in the docstring.
+- Keep dependencies minimal and pinned-ish; justify any new one.
+- `__protocol_version__` is the highest wire-protocol version this reference
+  implements; it MUST stay ≤ the spec's version.

delego-0.2.0/CHANGELOG.md

@@ -0,0 +1,80 @@
+# Changelog
+
+All notable changes to delego are documented here. The format follows
+[Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and the project aims to
+adhere to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.2.0] — 2026-06-04
+
+First public release on PyPI. (0.1.0 was the initial implementation and was never
+published.) Implements wire-protocol **0.2.0**; see
+[`__protocol_version__`](delego/__init__.py).
+
+### Security
+- **Single-use approvals.** A human approval now releases its action exactly
+  once: `engine.resolve` consumes the approval before executing, so a replayed
+  `resolve` of an already-used approval is refused (`approved` → `consumed`).
+  Previously one approval could be resolved repeatedly, executing the same action
+  N times.
+- **Approvals are bound to the instruction, not only the action fingerprint.**
+  `resolve` re-checks the approval's `intent_hash`, so the same action carried
+  under a different claimed instruction is denied.
+- **Rate limits fail closed when unevaluable.** A `rate_limit` constraint with no
+  audit log to read now denies instead of silently passing.
+- **`rate_limit` on `needs_approval` rules now counts.** Approved-then-executed
+  actions carry their originating rule on the execution receipt, so the
+  ledger-backed counter attributes them correctly (previously `rule=None`, making
+  the cap a no-op).
+- **`verify()` is robust to structural tampering.** Removing a field from a
+  receipt, or corrupting a line, is now reported as a problem instead of crashing
+  verification.
+
+### Added
+- Regression tests for the above: single-use approvals, intent-bound resolve,
+  fail-closed rate limit without an audit log, and crash-free `verify()` on a
+  removed field (`tests/test_guards.py`).
+- `delego pending` now prints the originating instruction for each parked action,
+  so the human approver sees *what* they are authorising, not just the request.
+- pytest regression suite encoding the eight demo scenarios plus invariant
+  guards, with an isolated-firewall fixture (`tests/`).
+- GitHub Actions CI running the suite **and** the demo on Python 3.10–3.12
+  (`.github/workflows/ci.yml`).
+- PyPI release workflow using Trusted Publishing (`.github/workflows/release.yml`).
+- `delego/__init__.py` exporting the public API (`ProposedAction`, `Decision`,
+  `Firewall`, `Policy`, `AuditLog`, `Paths`, `build_firewall`, and the
+  `OUTCOME_*` constants).
+- Project-scoped state for Claude Code: `Paths.resolve` precedence is now
+  `--home` → `DELEGO_HOME` → project-local `./.claude/.delego` (if present) →
+  `~/.delego`; added a `delego home` command and a `.gitignore` written into the
+  home so the signing key and ledger are never committed.
+- Open-source scaffolding: `LICENSE` (Apache-2.0), `CONTRIBUTING.md`,
+  `SECURITY.md`, this changelog, and publishing metadata in `pyproject.toml`.
+
+### Changed
+- Repository restructured to the standard Python layout (package under
+  `delego/`, project files and `examples/demo.py` at the repo root) so
+  `pip install -e .` and `python examples/demo.py` work as documented.
+- Replaced the BFSI-flavoured example with a generic `api.example.com` example
+  across the policy, demo, tests, and docs.
+- Retired the committed `CLAUDE.md`; durable design notes now live in
+  `ARCHITECTURE.md`. Added `delego.__protocol_version__` (the wire-protocol
+  version this reference implements, which must stay ≤ the spec's version) and a
+  spec-first / AI-assisted-contribution policy plus a PR template.
+
+## 0.1.0 — initial implementation (never released to PyPI)
+
+### Added
+- Deterministic policy engine: forbidden → rules (first match wins) → default,
+  with `amount`, `allow_list`, and `rate_limit` constraints, all fail-closed.
+- Intent hashing and action fingerprinting (`models.py`).
+- Action-bound human approval queue and the confused-deputy guard
+  (`engine.resolve`).
+- Append-only, hash-chained, Ed25519-signed audit ledger with `verify()`.
+- The `delego` CLI (init / policy / pending / approve / deny / log / verify) and
+  a FastMCP server exposing propose / resolve / audit_tail / show_policy.
+- `NullBroker` (default; holds no credentials) and an `HTTPProxyBroker` sketch.
+
+[Unreleased]: https://github.com/Delego-Dev/delego/compare/v0.2.0...HEAD
+[0.2.0]: https://github.com/Delego-Dev/delego/releases/tag/v0.2.0

delego-0.2.0/CONTRIBUTING.md

@@ -0,0 +1,106 @@
+# Contributing to delego
+
+Thanks for your interest in delego — a policy & audit firewall for agent
+actions. Please read [ARCHITECTURE.md](ARCHITECTURE.md) before making changes: it
+documents the design and, above all, the **invariants that must not be broken**.
+
+## Design invariants (do not violate)
+
+delego is a security tool; these properties are the reason it exists. A change
+that breaks one breaks the product:
+
+1. **No LLM in the authorization path.** Authorisation is pure, inspectable
+   Python (`policy.py`, `engine.py`).
+2. **delego holds no credentials** and makes no upstream request itself —
+   execution is delegated through a `BrokerAdapter`.
+3. **Fail closed.** Default is `deny`; a matched rule whose constraints fail
+   becomes a deny, never a silent allow.
+4. **Approvals are bound to the exact action fingerprint** (the confused-deputy
+   guard in `engine.resolve`).
+5. **The audit ledger is append-only, hash-chained, and Ed25519-signed.**
+6. **Evaluation order is fixed:** forbidden → rules (first match wins) → default.
+
+If a change seems to require breaking one of these, stop and open an issue first.
+
+## Development setup
+
+Requires Python 3.10+.
+
+```bash
+git clone https://github.com/Delego-Dev/delego
+cd delego
+python -m venv .venv && . .venv/bin/activate
+pip install -e ".[dev]"
+```
+
+## Running the demo and tests
+
+The demo is the de facto spec; the test suite encodes it as regression tests.
+
+```bash
+python examples/demo.py     # 8 scenarios + tamper detection
+pytest                      # the regression suite
+```
+
+CI runs both on Python 3.10, 3.11, and 3.12 (`.github/workflows/ci.yml`). Every
+behaviour change must keep the demo green and add or adjust tests to match.
+
+## Pull requests
+
+- **Fork the repository** and open the PR from a branch in your fork; direct
+  pushes are not accepted.
+- Keep changes small and focused; explain the *why*.
+- Re-run `python examples/demo.py` and `pytest` before submitting.
+- Update `README.md`, `CHANGELOG.md`, and the tests alongside any behaviour change.
+- Confirm you have not weakened any invariant above.
+- Fill in the pull-request template completely, including the AI-assistance
+  disclosure (below).
+
+## Tests are required
+
+Every behaviour or feature change MUST ship with tests that pin the new
+behaviour — a regression test for a fix, a scenario/guard test for a feature
+(`tests/test_scenarios.py`, `tests/test_guards.py`). A PR that changes behaviour
+without tests will not be merged; if you believe a change genuinely needs none
+(pure docs, comments), say so explicitly in the PR. CI runs the suite and the
+demo on Python 3.10–3.12.
+
+## The spec leads this implementation
+
+The wire protocol is defined in
+[Delego-Dev/specification](https://github.com/Delego-Dev/specification), and the
+spec **leads** this code: a normative behaviour is specified there first, then
+implemented here. A change to authorization, the audit chain, fingerprinting, or
+approval semantics should land in the spec (with regenerated CTK vectors) before
+or alongside the implementation. This repo exposes `delego.__protocol_version__`
+(the highest protocol version it implements); it MUST stay ≤ the spec's version,
+which the spec repo's `conformance.py` enforces by replaying the CTK vectors
+against this reference.
+
+## AI-assisted contributions
+
+AI coding assistants are welcome tools, but AI-generated or AI-assisted
+contributions to a security tool carry extra risk, so:
+
+- **Disclose it.** The PR template has a required field for whether and how AI was
+  used. Be honest and specific.
+- **Expect stricter review.** AI-assisted PRs — especially ones touching the
+  decision/audit core or an invariant — receive closer scrutiny and may take
+  longer to merge. Unreviewed, bulk-generated PRs will be closed.
+- **You are accountable.** The human author is responsible for every line: that it
+  is correct, tested, and weakens no invariant or security property. "The model
+  wrote it" is not a defence.
+- **Process is the same — fork, template, tests, green CI.** No fast path for AI
+  output.
+
+## Releasing (maintainers)
+
+Releases publish to PyPI from GitHub Actions using **PyPI Trusted Publishing**
+(OIDC — no API tokens are stored in the repo). One-time setup: on PyPI, add a
+trusted publisher for project `delego` → repo `Delego-Dev/delego`, workflow
+`release.yml`, environment `pypi`. Then for each release:
+
+1. Bump `version` in `pyproject.toml` and move the `CHANGELOG.md` entries from
+   *Unreleased* into the new version.
+2. Publish a GitHub Release with tag `vX.Y.Z`.
+3. `.github/workflows/release.yml` builds the sdist + wheel and publishes them.

delego-0.2.0/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.