recon-tool 0.4.1__tar.gz

recon_tool-0.4.1/.github/workflows/ci.yml

@@ -0,0 +1,72 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: pip install -e ".[dev]"
+
+      - name: Lint
+        run: ruff check recon_tool/
+
+  typecheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: pip install -e ".[dev]"
+
+      - name: Type check
+        run: pyright recon_tool/
+
+  test:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        python-version: ["3.10", "3.11", "3.12"]
+        exclude:
+          - os: macos-latest
+            python-version: "3.10"
+          - os: windows-latest
+            python-version: "3.10"
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: pip install -e ".[dev]"
+
+      - name: Test
+        run: pytest tests/ --cov=recon_tool --cov-report=term-missing

recon_tool-0.4.1/.github/workflows/release.yml

@@ -0,0 +1,102 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write
+  id-token: write  # Required for PyPI trusted publishing
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: pip install -e ".[dev]"
+
+      - name: Run tests
+        run: pytest tests/ -q
+
+      - name: Lint
+        run: ruff check recon_tool/
+
+  build:
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build tools
+        run: pip install build
+
+      - name: Build package
+        run: python -m build
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish-pypi:
+    needs: build
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write  # Trusted publishing via OIDC
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  github-release:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Extract changelog
+        id: changelog
+        run: |
+          # Extract the section for this version from CHANGELOG.md
+          VERSION="${GITHUB_REF_NAME#v}"
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          # Grab everything between this version header and the next
+          awk "/^## \[${VERSION}\]/{found=1; next} /^## \[/{if(found) exit} found{print}" CHANGELOG.md > release_notes.md
+          cat release_notes.md
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: "v${{ steps.changelog.outputs.version }}"
+          body_path: release_notes.md
+          draft: false
+          prerelease: false
+          files: dist/*

recon_tool-0.4.1/.gitignore

@@ -0,0 +1,49 @@
+# Python
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+*.egg
+*.egg-info/
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Build
+dist/
+build/
+*.whl
+
+# Test / Coverage
+.pytest_cache/
+.hypothesis/
+.coverage
+.coverage.*
+coverage.xml
+htmlcov/
+
+# Linting
+.ruff_cache/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+Desktop.ini
+
+# Env
+.env
+.venv/
+venv/
+env/
+
+# Logs
+*.log
+
+# Kiro
+.kiro/
+/archive

recon_tool-0.4.1/CHANGELOG.md

@@ -0,0 +1,163 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.4.1] — 2026-04-11
+
+### Changed
+
+- Added PyPI trusted publishing via GitHub Actions (OIDC, no API tokens).
+- Added package metadata: classifiers, keywords, project URLs for PyPI listing.
+- Fixed duplicate file warnings in wheel build by removing redundant `force-include`.
+
+## [0.4.0] — 2026-04-11
+
+### Added
+
+- `--html` output — self-contained single-file HTML report with inline CSS, no JavaScript. Professional styling for sharing via email or archiving.
+- `--csv` output for batch mode — flat CSV with one row per domain. Columns: domain, provider, display_name, tenant_id, auth_type, confidence, email_security_score, service_count, dmarc_policy, mta_sts_mode, google_auth_type.
+- Lightweight local disk cache — `~/.recon/cache/` with configurable TTL (default 24h). CLI flags: `--no-cache` to bypass, `--cache-ttl` to override. JSON files on disk, lazy eviction, no external dependencies.
+- `recon mcp` subcommand — start the MCP server from the CLI instead of `python -m recon_tool.server`.
+- `recon doctor --fix` — scaffolds template `~/.recon/fingerprints.yaml` and `~/.recon/signals.yaml` with inline YAML comments explaining the format.
+
+### Changed
+
+- Inference language tightened across insights and signals. Derived claims now use hedged language ("suggests," "indicators," "likely") instead of declarative phrasing. Factual observations (DMARC values, DKIM presence, email security scores) remain declarative.
+- Removed `_preprocess_args()` sys.argv mutation hack. Domain shorthand routing (`recon pepsi.com`) now uses a custom Typer group with `resolve_command()` override — cleaner, safer for library imports, no global state mutation.
+- `_SUBCOMMANDS` now includes `"mcp"`.
+- Mutual exclusion enforced for output format flags (`--json`, `--md`, `--html`, `--csv`).
+
+## [0.3.0] — 2026-04-11
+
+### Added
+
+- Google Workspace identity routing — new `GoogleIdentitySource` detects federated vs. managed auth by querying Google's public login flow. Extracts IdP name (Okta, Ping, Entra, etc.) for federated domains. Produces `google-federated`/`google-managed` slugs.
+- Google Workspace CNAME module probing — detects active GWS modules (Mail, Calendar, Docs, Drive, Sites, Groups) via `ghs.googlehosted.com` CNAME resolution. Concurrent queries for all 6 prefixes.
+- BIMI/VMC corporate identity extraction — fetches VMC certificates from BIMI `a=` URLs and extracts legally verified organization name, country, state, locality. Falls back to regex parsing when `cryptography` library is unavailable.
+- Google site-verification token extraction — captures `google-site-verification` token values from TXT records for cross-domain organizational relationship mapping.
+- MTA-STS policy fetch — when `_mta-sts` TXT record is found, fetches the policy file and extracts the mode (enforce/testing/none). Adds `mta-sts-enforce` slug for enforcing domains.
+- TLS-RPT detection — detects `v=TLSRPTv1` records at `_smtp._tls.{domain}` with `tls-rpt` slug.
+- Enhanced CSE config probing — extracts KACLS URL and multiple key service provider names from Google Workspace CSE configuration.
+- Evidence traceability — new `EvidenceRecord` frozen dataclass captures source type, raw value, rule name, and slug for every detection. Propagated through the merge pipeline to `TenantInfo`. Included in `--json` output and `--verbose` display.
+- Confidence separation — dual confidence model: `evidence_confidence` (how many sources contributed) and `inference_confidence` (strength of logical chain). Backward-compatible `confidence` field = min of both.
+- Per-detection corroboration scoring — each detected slug gets a confidence score (high/medium/low) based on how many independent record types corroborate it.
+- Fingerprint metadata enrichment — `provider_group` and `display_group` fields on fingerprint YAML entries. Formatter uses these for categorization, falling back to keyword heuristics.
+- Cross-domain site-verification correlation in chain mode — domains sharing identical `google-site-verification` tokens are surfaced as organizationally related.
+- 5 new Google Workspace signals: Google Workspace Full Suite, Google Federated Identity, Google MTA-STS Enforcing, plus updates to Google-Native Identity and Google Cloud Investment.
+- 4 new posture rules: google_federated_identity, google_managed_identity, mta_sts_enforcing, tls_rpt_configured.
+- Google Workspace insight generators: federated/managed identity insights, module summary insights.
+- New data models: `EvidenceRecord`, `BIMIIdentity`. Extended `SourceResult`, `TenantInfo`, `Fingerprint` with new fields.
+- 98 new tests (506 → 604 total). Test coverage 84%.
+
+### Changed
+
+- `default_pool()` now includes `GoogleIdentitySource` (5 sources total).
+- `merge_results()` propagates evidence, computes dual confidence, detection scores, and merges Google auth/BIMI/MTA-STS/site-verification data.
+- `build_insights_with_signals()` accepts `google_auth_type` and `google_idp_name` parameters.
+- `format_tenant_dict()` includes all new fields in JSON output.
+- `format_tenant_markdown()` includes Google Workspace section and dual confidence.
+- `render_tenant_panel()` shows GWS auth/modules, verbose evidence chains and detection scores.
+- `lookup_tenant` MCP tool text format includes GWS auth and module summary.
+- `_detect_email_security()` now also queries TLS-RPT, fetches MTA-STS policy, and parses BIMI VMC.
+- `_detect_txt()` extracts site-verification tokens and creates evidence records.
+- Fingerprints YAML: added `provider_group`/`display_group` to Microsoft 365, Google Workspace, and other key entries. Added TLS-RPT fingerprint.
+- 29 signals (was 26). 22 posture rules (was 18).
+
+## [0.2.0] — 2026-04-11
+
+### Added
+
+- Certificate intelligence — crt.sh metadata extraction (issuance velocity, issuer diversity, cert age, top issuers) from the existing crt.sh JSON response. No additional HTTP requests. Surfaced in panel, JSON, and markdown output.
+- Metadata-aware signal engine — signals can now match on `dmarc_policy`, `auth_type`, `email_security_score`, `spf_include_count`, and `issuance_velocity` via YAML `metadata` conditions. Supports slug-only, metadata-only, and conjunction signals. 23 → 26 signals (4 layers).
+- Neutral posture analysis — new `--posture` flag and `analyze_posture` MCP tool. Produces factual observations about domain configuration (email, identity, infrastructure, SaaS footprint, certificates, consistency) without attack/defense framing. YAML-driven rules in `data/posture.yaml` with `~/.recon/posture.yaml` additive override.
+- Delta mode — `--compare previous.json` compares a live lookup against a previous JSON export. Surfaces added/removed services, slugs, signals, and scalar field changes (auth type, DMARC, confidence, domain count). Panel output with +/- markers, JSON output with structured diff.
+- Recursive domain chaining — `--chain --depth N` (max 3) follows related domains via CNAME/CT breadcrumbs using BFS. 50-domain cap, visited-set deduplication, aggregate timeout. New `chain_lookup` MCP tool.
+- 3 new metadata-aware signals: Federated Identity with Complex Email Delegation, Active Email Sending with Minimal Security, High Certificate Issuance Activity.
+- 18 posture observation rules across 6 categories.
+- 7 new frozen dataclasses: `CertSummary`, `MetadataCondition`, `SignalContext`, `Observation`, `DeltaReport`, `ChainResult`, `ChainReport`.
+- 51 new tests (455 → 506 total). Test coverage 83%.
+
+### Changed
+
+- `--full` now implies `--posture` in addition to `--services`, `--domains`, `--verbose`.
+- `evaluate_signals()` now accepts a `SignalContext` instead of positional args. All callers updated.
+- "Security Gap — Gateway Without DMARC Enforcement" signal moved from hardcoded Python check to YAML metadata conditions.
+- `reload_data` MCP tool now also clears posture rule cache and reports posture rule count.
+- README updated: broader audience description, new feature table rows, new CLI examples, new MCP tools listed.
+- Roadmap updated: completed items marked, new future items added.
+
+## [0.1.3] — 2026-04-11
+
+### Added
+
+- Common subdomain probing — ~35 high-signal prefixes (auth, login, sso, shop, api, status, cdn, etc.) are probed directly via DNS CNAME lookups. Works even when crt.sh is down.
+- 30 new CNAME-based fingerprints for SaaS services discovered via subdomain CNAMEs: Okta (CNAME), Auth0, OneLogin, Salesforce Marketing Cloud, AWS ELB/S3/Elastic Beanstalk, Azure Front Door, Google Cloud Run/App Engine, Zendesk/Freshdesk (hosted), Contentful, Braze, Segment, Statuspage, LaunchDarkly, Cloudinary, Imgix, Optimizely, WalkMe, and more (156 → 186 total).
+- crt.sh degraded notice — when crt.sh is unreachable, a subtle note appears in panel, markdown, and JSON output (`"partial": true`) so users know results may be incomplete.
+- Lightweight subdomain enrichment — subdomains get CNAME+TXT-only lookups (2 queries each) instead of full DNS fingerprinting (~20 queries each), keeping enrichment fast.
+
+### Changed
+
+- crt.sh subdomain cap raised from 20 to 100, with signal-based prioritization (auth/login/shop/api subdomains first, deep internal subdomains last).
+- Enrichment cap raised from 10 to 25, with priority sorting so high-signal subdomains survive the cap.
+- Two-tier enrichment: subdomains get lightweight CNAME+TXT lookups, separate domains get full DNS fingerprinting.
+- Updated 8 signal rules to include new CNAME-detected slugs (imperva, auth0, onelogin, salesforce-mc, aws-elb, aws-s3, gcp-app, azure-fd, optimizely, walkme, braze, iterable, customerio, launchdarkly, contentful, etc.).
+
+## [0.1.2] — 2026-04-11
+
+### Added
+
+- Google Workspace source — passive CSE config probing (`cse.{domain}/.well-known/cse-configuration`) for detecting Client-Side Encryption and external key managers.
+- Google DKIM attribution — `google._domainkey` now adds the `google-workspace` slug, so Google Workspace is detected even when MX points to an email gateway (Proofpoint, Mimecast, Trend Micro, etc.).
+- 4 new signal rules: Google-Native Identity, High-Security Posture (CSE), Google Cloud Investment, Dual Email Provider (13 → 24 total).
+- Custom signals support via `~/.recon/signals.yaml` (additive, mirrors fingerprint extensibility).
+- Certificate transparency integration via crt.sh for passive subdomain discovery.
+- Expanded DKIM selector coverage — now checks common ESP selectors (Mailchimp, SendGrid, Mailgun, Postmark, Mimecast) in addition to Exchange and Google.
+- SRV record detection for Microsoft Teams (legacy SIP/federation), XMPP, CalDAV, CardDAV.
+- 13 new fingerprints: Box, Egnyte, Glean, Datadog, New Relic, PagerDuty, Render, Ping Identity, CyberArk, Lakera, Cato Networks, Rippling, Deel (143 → 156 total).
+- `recon doctor` now checks crt.sh connectivity, signal database loading, and custom signals path.
+- "Why recon?" comparison table in README.
+- Expanded MCP Server section with setup steps, tools table, and config file locations per client.
+- `CLAUDE.md` for Claude Code project context.
+- `.kiro/steering/recon-project.md` for Kiro IDE context.
+- `CHANGELOG.md`, `CONTRIBUTING.md`.
+- `examples/` folder with sample JSON output and batch file (all fictional data).
+- GitHub Actions CI workflow (Python 3.10–3.13, lint, type check, tests).
+
+### Changed
+
+- Confidence scoring — M365 domains now reach High when OIDC tenant ID is corroborated by UserRealm (display name, auth type, or tenant domains). Previously required 2+ sources returning the same tenant ID, which never happened in practice.
+- Non-M365 confidence — domains with 8+ DNS services and 2+ successful sources now reach High. Thresholds adjusted (was: 5 services for Medium, High unreachable).
+- Skype for Business / Lync → Microsoft Teams — SRV records `_sip._tls` and `_sipfederationtls._tcp` pointing to `lync.com` now labeled as "Microsoft Teams" (deduplicated with CNAME-based detection). Microsoft retired Skype for Business Online in July 2021.
+- Dual provider insight — shortened from "Hybrid/migration signal: Google email + Microsoft services detected" to "Dual provider: Google + Microsoft coexistence". No longer styled as a warning.
+- Panel color palette — muted, modern tones replacing harsh ANSI primaries. Labels use `dim` instead of `bold`. Panel border is `dim`. Confidence colors: sage green (High), sky blue (Medium), terracotta (Low).
+- Panel alignment — services and insights now use consistent label:value column alignment. Service continuation lines align under the first service name. Long insights word-wrap within the panel.
+- All README examples now use fictional companies (Northwind Traders, Contoso, Fabrikam).
+- README tagline updated to be more precise and humble.
+- Panel output: fixed width (80 chars), related domains now dim instead of cyan.
+- Updated Enterprise Security Stack, Zero Trust Posture, and Enterprise IT Maturity signals to include new security slugs.
+
+## [0.1.0] — 2026-04-10
+
+### Added
+
+- Initial release.
+- Domain intelligence CLI (`recon lookup`, `recon batch`, `recon doctor`).
+- MCP server with `lookup_tenant` and `reload_data` tools.
+- Three concurrent data sources: OIDC Discovery, GetUserRealm + Autodiscover, DNS records.
+- 143 SaaS/service fingerprints in `data/fingerprints.yaml` across 14 categories.
+- Signal intelligence engine with 3-layer evaluation (single-category, cross-category composites, consistency checks).
+- Email security scoring (0–5) based on DMARC, DKIM, SPF strict, MTA-STS, BIMI.
+- Related domain auto-enrichment from CNAME breadcrumbs.
+- Custom fingerprint support via `~/.recon/fingerprints.yaml`.
+- Rich terminal output with bordered panels, colored signals, and provider detection.
+- Output formats: default panel, `--json`, `--md`, `--services`, `--full`, `--sources`.
+- Batch mode with configurable concurrency (1–20) and ordered output.
+- Input normalization (URLs, schemes, www prefix, paths, whitespace).
+- SSRF protection in HTTP transport.
+- Retry with exponential backoff on 429/503 responses.
+- Structured exit codes (0, 2, 3, 4).
+- `defusedxml` for safe XML parsing.
+- Strict type checking with Pyright, linting with Ruff.

recon_tool-0.4.1/CLAUDE.md

@@ -0,0 +1,62 @@
+# recon
+
+Passive domain intelligence CLI and MCP server. Queries public DNS records and unauthenticated Microsoft/Google endpoints — no credentials or API keys.
+
+## What it does
+
+`recon <domain>` returns: company name, email provider, tenant ID, auth type, email security score (0-5), 186 SaaS service fingerprints, security stack detection, signal intelligence (AI adoption, GTM maturity, org size hints), and related domains (via CNAME breadcrumbs + certificate transparency + common subdomain probing).
+
+## Commands
+
+```bash
+recon northwindtraders.com              # default panel output
+recon northwindtraders.com --json       # structured JSON
+recon northwindtraders.com --md         # markdown report
+recon northwindtraders.com --full       # everything
+recon batch domains.txt --json          # batch mode
+recon doctor                            # connectivity check
+```
+
+## Project structure
+
+- `recon_tool/` — source code
+  - `cli.py` — Typer CLI, entry point is `run()`
+  - `resolver.py` — orchestrates concurrent source queries
+  - `sources/` — OIDC, UserRealm, DNS lookup sources (DNS includes crt.sh cert transparency)
+  - `fingerprints.py` + `data/fingerprints.yaml` — SaaS detection (data-driven, no code changes needed)
+  - `signals.py` + `data/signals.yaml` — signal intelligence engine
+  - `insights.py` — derived intelligence from fingerprint matches
+  - `merger.py` — result merging, confidence scoring
+  - `formatter.py` — Rich terminal output, JSON, markdown
+  - `server.py` — MCP server (FastMCP, stdio transport)
+  - `http.py` — SSRF-safe HTTP client with retry/backoff
+  - `validator.py` — domain input validation
+  - `models.py` — frozen dataclasses (TenantInfo, SourceResult)
+- `tests/` — 455 tests, pytest + hypothesis
+- `data/fingerprints.yaml` — 186 SaaS fingerprints
+- `data/signals.yaml` — 3-layer signal definitions (23 signals)
+
+## Development
+
+```bash
+pip install -e ".[dev]"
+pytest tests/                    # run tests
+ruff check recon_tool/           # lint
+pyright recon_tool/              # type check
+```
+
+## Key patterns
+
+- All source queries run concurrently via `asyncio.gather`
+- Fingerprints and signals are YAML-driven — edit data files, not code
+- Models are frozen dataclasses (immutable)
+- HTTP transport has SSRF protection and retry with exponential backoff
+- MCP server has TTL cache (120s) and per-domain rate limiting
+- Custom fingerprints go in `~/.recon/fingerprints.yaml` (additive only)
+- Custom signals go in `~/.recon/signals.yaml` (additive only)
+
+## Testing
+
+- Integration tests are skipped by default (`-m 'not integration'`)
+- Run `pytest -m integration` for network tests
+- All examples in README use fictional companies (Northwind Traders, Contoso, Fabrikam)

recon_tool-0.4.1/CONTRIBUTING.md

@@ -0,0 +1,56 @@
+# Contributing
+
+Thanks for your interest in contributing to recon.
+
+## Quick Start
+
+```bash
+git clone https://github.com/blisspixel/recon.git
+cd recon
+pip install -e ".[dev]"
+pytest tests/
+```
+
+## Adding Fingerprints
+
+The easiest way to contribute is adding new SaaS fingerprints. Edit `recon_tool/data/fingerprints.yaml`:
+
+```yaml
+- name: Service Name
+  slug: service-slug          # lowercase, unique identifier
+  category: Category Name     # use an existing category if possible
+  confidence: high             # high, medium, or low
+  detections:
+    - type: txt                # txt, spf, mx, ns, cname, subdomain_txt, caa, srv
+      pattern: "^service-domain-verification="
+      description: What this record means
+```
+
+Run `recon doctor` to validate your fingerprint loads correctly, then test against a domain you know uses the service.
+
+## Adding Signals
+
+Custom signal rules go in `~/.recon/signals.yaml`:
+
+```yaml
+signals:
+  - name: My Custom Signal
+    category: Custom
+    confidence: medium
+    description: What this signal means
+    requires:
+      any: [slug-a, slug-b, slug-c]    # fingerprint slugs to match
+    min_matches: 2                       # how many must be present
+```
+
+## Code Changes
+
+- Run `ruff check recon_tool/` and `pyright recon_tool/` before submitting.
+- Run `pytest tests/` to verify nothing breaks.
+- Integration tests (`pytest -m integration`) require network access and are skipped by default.
+
+## Pull Requests
+
+- Keep PRs focused — one feature or fix per PR.
+- Fingerprint-only PRs are welcome and easy to review.
+- Include a brief description of what you changed and why.

recon_tool-0.4.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 recon-tool contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.