ez_logs_agent 0.1.3

data/lib/ez_logs_agent/capturers/job_capturer.rb

@@ -0,0 +1,261 @@
+# frozen_string_literal: true
+
+module EzLogsAgent
+  module Capturers
+    class JobCapturer
+      # Sidekiq client middleware that propagates correlation_id
+      # from the current request context into enqueued job payloads.
+      #
+      # This middleware runs at enqueue-time (when a job is scheduled),
+      # NOT at execution-time.
+      #
+      # == Behavior
+      #
+      # - Reads EzLogsAgent::Correlation.current
+      # - If present, injects it into job["correlation_id"]
+      # - Never overwrites existing job["correlation_id"]
+      # - Never raises exceptions
+      # - Always yields to next middleware
+      #
+      # == Registration
+      #
+      # Note: This middleware is automatically registered by Railtie.
+      # Users do NOT need to manually configure it.
+      #
+      # For manual setup (if not using Rails), add to your Sidekiq initializer:
+      #
+      #   Sidekiq.configure_client do |config|
+      #     config.client_middleware do |chain|
+      #       chain.add EzLogsAgent::Capturers::JobCapturer::ClientMiddleware
+      #     end
+      #   end
+      #
+      class ClientMiddleware
+        # Sidekiq client middleware hook.
+        #
+        # @param worker_class [Class] The worker class being enqueued
+        # @param job [Hash] The Sidekiq job payload (mutable)
+        # @param queue [String] The queue name
+        # @param redis_pool [ConnectionPool] Sidekiq's Redis connection pool
+        # @yield Passes control to the next middleware in the chain
+        # @return [void]
+        def call(worker_class, job, queue, redis_pool)
+          # Defensive: ensure job is a Hash
+          return yield unless job.is_a?(Hash)
+
+          begin
+            # Read current correlation_id from context
+            correlation_id = EzLogsAgent::Correlation.current
+
+            # Only inject if:
+            # 1. correlation_id is present and not empty
+            # 2. job doesn't already have one
+            if correlation_id && correlation_id.respond_to?(:empty?) && !correlation_id.empty? && !job.key?("correlation_id")
+              job["correlation_id"] = correlation_id
+            end
+          rescue StandardError => e
+            # Never crash the host application during correlation injection
+            # Log error, then continue
+            EzLogsAgent::Logger.error("[JobCapturer::ClientMiddleware] Error during correlation injection: #{e.class} - #{e.message}")
+          end
+
+          # Always yield to next middleware
+          yield
+        end
+      end
+
+      # Sidekiq server middleware that captures background job execution
+      # as background_job events.
+      #
+      # This middleware runs at execution-time (when the job runs),
+      # NOT at enqueue-time.
+      #
+      # == Behavior
+      #
+      # - Restores correlation_id from job["correlation_id"] (or generates new one)
+      # - Measures job execution duration
+      # - Captures success or failure outcome
+      # - Re-raises exceptions after capturing failure
+      # - Always clears correlation_id in ensure block
+      # - Respects capture_jobs configuration flag
+      #
+      # == Registration
+      #
+      # Note: This middleware is automatically registered by Railtie.
+      # Users do NOT need to manually configure it.
+      #
+      # For manual setup (if not using Rails), add to your Sidekiq initializer:
+      #
+      #   Sidekiq.configure_server do |config|
+      #     config.server_middleware do |chain|
+      #       chain.add EzLogsAgent::Capturers::JobCapturer::ServerMiddleware
+      #     end
+      #   end
+      #
+      class ServerMiddleware
+        # Sidekiq server middleware hook.
+        #
+        # @param worker [Object] The worker instance executing the job
+        # @param job [Hash] The Sidekiq job payload
+        # @param queue [String] The queue name
+        # @yield Executes the job
+        # @return [void]
+        def call(worker, job, queue)
+          # Skip capture if disabled
+          return yield unless EzLogsAgent.configuration.capture_jobs
+
+          # Skip excluded job classes (health checks, infrastructure jobs).
+          # Match against the underlying ActiveJob class too, not just the wrapper.
+          if excluded_job_class?(worker, job)
+            EzLogsAgent::Logger.debug("[JobCapturer::ServerMiddleware] Skipping capture (excluded job class: #{resolve_job_class(worker, job)})")
+            return yield
+          end
+
+          # Restore correlation_id from job payload (or generate new one)
+          correlation_id = job["correlation_id"] || EzLogsAgent::Correlation.generate
+          EzLogsAgent::Correlation.current = correlation_id
+
+          # Measure execution time
+          start_time = Time.now
+          result = yield
+          duration_ms = ((Time.now - start_time) * 1000).to_i
+
+          # Capture success event
+          capture_success(worker, job, queue, correlation_id, duration_ms, start_time)
+
+          result
+        rescue StandardError => error
+          # Capture failure event, then re-raise
+          capture_failure(worker, job, queue, correlation_id, error, start_time)
+          raise
+        ensure
+          # Always clear correlation_id
+          EzLogsAgent::Correlation.clear
+        end
+
+        private
+
+        # Captures successful job execution.
+        #
+        # @param worker [Object] The worker instance
+        # @param job [Hash] The Sidekiq job payload
+        # @param queue [String] The queue name
+        # @param correlation_id [String] The correlation ID
+        # @param duration_ms [Integer] Job execution duration in milliseconds
+        # @param start_time [Time] Job start time
+        # @return [void]
+        def capture_success(worker, job, queue, correlation_id, duration_ms, start_time)
+          event = EzLogsAgent::EventBuilder.build(
+            source_type: :background_job,
+            source_data: extract_job_data(worker, job, queue),
+            outcome: :success,
+            correlation_id: correlation_id,
+            duration_ms: duration_ms,
+            timestamp: start_time
+          )
+
+          EzLogsAgent::Buffer.push(event)
+        rescue StandardError => e
+          # Defensive: never crash the host application during event capture
+          EzLogsAgent::Logger.error("[JobCapturer::ServerMiddleware] Failed to capture success event: #{e.class} - #{e.message}")
+        end
+
+        # Captures failed job execution.
+        #
+        # @param worker [Object] The worker instance
+        # @param job [Hash] The Sidekiq job payload
+        # @param queue [String] The queue name
+        # @param correlation_id [String] The correlation ID
+        # @param error [StandardError] The error that caused the failure
+        # @param start_time [Time] Job start time
+        # @return [void]
+        def capture_failure(worker, job, queue, correlation_id, error, start_time)
+          event = EzLogsAgent::EventBuilder.build(
+            source_type: :background_job,
+            source_data: extract_job_data(worker, job, queue),
+            outcome: :failure,
+            correlation_id: correlation_id,
+            error_message: "#{error.class}: #{error.message}",
+            timestamp: start_time
+          )
+
+          EzLogsAgent::Buffer.push(event)
+        rescue StandardError => e
+          # Defensive: never crash the host application during event capture
+          EzLogsAgent::Logger.error("[JobCapturer::ServerMiddleware] Failed to capture failure event: #{e.class} - #{e.message}")
+        end
+
+        # Extracts relevant job data for event source_data.
+        #
+        # When the worker is the ActiveJob+Sidekiq wrapper, we surface the
+        # underlying ActiveJob class name (e.g., "ChargeCardJob") rather
+        # than the wrapper class. This mirrors how Sidekiq itself resolves
+        # the display class — see Sidekiq::JobLogger and Sidekiq::JobUtil:
+        #
+        #   job_hash["display_class"] || job_hash["wrapped"] || job_hash["class"]
+        #
+        # @param worker [Object] The worker instance
+        # @param job [Hash] The Sidekiq job payload
+        # @param queue [String] The queue name
+        # @return [Hash] Job metadata for source_data
+        def extract_job_data(worker, job, queue)
+          {
+            job_class: resolve_job_class(worker, job),
+            job_id: job["jid"],
+            queue: queue,
+            retry_count: job["retry_count"],
+            arguments: extract_arguments(job)
+          }.compact
+        end
+
+        # Sanitize the job's arguments. Sidekiq stores them in
+        # `job["args"]`. When the job is wrapped by ActiveJob, the
+        # outer args is a single-element array containing an
+        # ActiveJob payload whose `arguments` key holds the actual
+        # user-passed args — unwrap that so the dashboard shows the
+        # arguments the user wrote, not the ActiveJob plumbing.
+        def extract_arguments(job)
+          raw = job["args"]
+          return nil if raw.nil? || (raw.respond_to?(:empty?) && raw.empty?)
+
+          # ActiveJob+Sidekiq: args == [{"job_class"=>..., "arguments"=>[...], ...}]
+          if raw.is_a?(Array) && raw.size == 1 && raw.first.is_a?(Hash) && raw.first.key?("arguments")
+            raw = raw.first["arguments"]
+            return nil if raw.nil? || (raw.respond_to?(:empty?) && raw.empty?)
+          end
+
+          EzLogsAgent::Sanitizer.sanitize_args(raw)
+        rescue StandardError => e
+          EzLogsAgent::Logger.debug("[JobCapturer::ServerMiddleware] argument extraction failed: #{e.class}: #{e.message}")
+          nil
+        end
+
+        # Resolves the human-meaningful job class name, unwrapping the
+        # ActiveJob+Sidekiq adapter when present.
+        #
+        # @param worker [Object] The worker instance Sidekiq is running
+        # @param job [Hash] The Sidekiq job payload
+        # @return [String] The class name to record on the event
+        def resolve_job_class(worker, job)
+          job["display_class"] || job["wrapped"] || worker.class.name
+        end
+
+        # Checks if worker class is in the excluded list.
+        #
+        # Exclusion is matched against the same name that lands in
+        # source_data, so users can list either the Sidekiq worker class
+        # or the underlying ActiveJob class — whichever they actually own.
+        #
+        # @param worker [Object] The worker instance
+        # @param job [Hash] The Sidekiq job payload (optional; defaults to {})
+        # @return [Boolean] true if excluded, false otherwise
+        def excluded_job_class?(worker, job = {})
+          excluded = EzLogsAgent.configuration.all_excluded_job_classes
+          [worker.class.name, job["wrapped"], job["display_class"]].compact.any? { |name| excluded.include?(name) }
+        rescue StandardError
+          false
+        end
+      end
+    end
+  end
+end

data/lib/ez_logs_agent/configuration.rb

@@ -0,0 +1,184 @@
+# frozen_string_literal: true
+
+module EzLogsAgent
+  # Configuration for the EzLogsAgent.
+  #
+  # == Noise Filtering Overview
+  #
+  # EzLogsAgent captures events but filters out noise at the agent level.
+  # Each capturer has its own exclusion mechanism:
+  #
+  # === HTTP Requests (middleware/http_request.rb)
+  # - excluded_paths: URL paths to ignore (supports * wildcard for prefix match)
+  # - DEFAULT_EXCLUDED_EXTENSIONS: Static file extensions (.js, .css, .png, etc.)
+  # - excluded_graphql_operations: GraphQL operations to skip (introspection, etc.)
+  #
+  # === Database Callbacks (capturers/database_capturer.rb)
+  # - excluded_tables: Table names to ignore (Rails internals, job queues, etc.)
+  # - IGNORED_ATTRIBUTES: Technical fields (created_at, lock_version, etc.)
+  # - SENSITIVE_PATTERNS: Attributes containing passwords, tokens, secrets
+  #
+  # === Background Jobs (capturers/job_capturer.rb)
+  # - excluded_job_classes: Job class names to ignore (health checks, etc.)
+  #
+  # == Server-Side vs Agent-Side Filtering
+  #
+  # The filtering philosophy:
+  # - Agent filters NOISE (introspection, assets, health checks, Rails internals)
+  # - Server classifies SIGNIFICANCE (reads vs writes) for UI filtering
+  #
+  # This means GraphQL queries and GET requests ARE captured by the agent,
+  # but the server classifies them as "background" so users can toggle visibility.
+  #
+  class Configuration
+    attr_accessor :server_url
+    attr_accessor :project_token
+    attr_accessor :capture_http
+    attr_accessor :capture_jobs
+    attr_accessor :capture_database
+    attr_accessor :excluded_paths
+    attr_accessor :excluded_tables
+    attr_accessor :excluded_job_classes
+    attr_accessor :excluded_graphql_operations
+    attr_accessor :excluded_graphql_variable_keys
+    attr_accessor :buffer_size
+    attr_accessor :retry_attempts
+    attr_accessor :send_interval
+    attr_accessor :log_level
+
+    # Actor extraction hook for HTTP requests (optional)
+    # Must be a callable (lambda/proc) that accepts (request, controller)
+    # and returns { kind:, id:, label:, metadata: } or nil
+    attr_accessor :actor_from_request
+
+    # Display name field mapping for database records (optional)
+    # Maps model class names to attribute names used for human-readable display
+    #
+    # Example:
+    #   config.display_name_for = {
+    #     "User" => :email,
+    #     "Product" => :name,
+    #     "Order" => :number
+    #   }
+    #
+    # IMPORTANT: Only use direct attributes, not associations.
+    # Associations will trigger database queries and should be avoided.
+    #
+    # If not configured for a model, falls back to: name → title → number → "##{id}"
+    attr_accessor :display_name_for
+
+    # Default paths excluded from HTTP capture - common Rails noise
+    DEFAULT_EXCLUDED_PATHS = [
+      "/rails/active_storage*",  # File uploads/downloads
+      "/assets*",                # Asset pipeline
+      "/packs*",                 # Webpacker assets
+      "/vite*",                  # Vite assets
+      "/health*",                # Health checks
+      "/up",                     # Rails 7.1+ health check
+      "/alive",                  # Kubernetes liveness probe
+      "/ready",                  # Kubernetes readiness probe
+      "/metrics",                # Prometheus metrics endpoint
+      "/favicon.ico",            # Browser favicon
+      "/*.hot-update.*",         # Hot module replacement
+      "/.well-known*",           # Well-known URIs (security.txt, etc.)
+      "/robots.txt",             # Search engine crawler config
+      "/sitemap.xml",            # Sitemap for crawlers
+      "/cable*",                 # ActionCable WebSocket connections
+      "/sidekiq",                # Sidekiq Web UI dashboard root (the conventional mount)
+      "/sidekiq/*",              # Sidekiq Web UI sub-paths (auto-poll noise)
+      # Authentication pages - not meaningful business actions
+      # Use */path* patterns to match auth routes anywhere (e.g., /admin/logout)
+      "*/sign_in*",              # Devise and common sign in (matches /users/sign_in, /admin/sign_in)
+      "*/sign_out*",             # Devise and common sign out
+      "*/login*",                # Common auth pattern (matches /login, /admin/login)
+      "*/logout*",               # Common auth pattern (matches /logout, /admin/logout)
+      "/users/password*",        # Devise password reset/edit
+      "/session*"                # Common auth pattern
+    ].freeze
+
+    # Default file extensions excluded from HTTP capture - static assets
+    # These are matched against the path suffix regardless of directory
+    DEFAULT_EXCLUDED_EXTENSIONS = %w[
+      .js .css .map
+      .png .jpg .jpeg .gif .svg .ico .webp
+      .woff .woff2 .ttf .eot .otf
+    ].freeze
+
+    # Default tables excluded from database capture - Rails internal tables
+    DEFAULT_EXCLUDED_TABLES = [
+      "schema_migrations",
+      "ar_internal_metadata",
+      "sessions",                         # ActiveRecord session store (plural)
+      "session",                          # ActiveRecord session store (singular)
+      "active_storage_blobs",             # ActiveStorage internals
+      "active_storage_attachments",
+      "active_storage_variant_records",
+      "solid_queue_jobs",                 # SolidQueue internals
+      "solid_queue_scheduled_executions",
+      "solid_queue_ready_executions",
+      "solid_queue_claimed_executions",
+      "solid_queue_blocked_executions",
+      "solid_queue_failed_executions",
+      "solid_queue_pauses",
+      "solid_queue_processes",
+      "solid_queue_semaphores",
+      "solid_queue_recurring_tasks",
+      "solid_queue_recurring_executions",
+      "solid_cache_entries",              # SolidCache internals
+      "solid_cable_messages"              # SolidCable internals
+    ].freeze
+
+    # Default job classes excluded from background job capture - infrastructure/health check jobs
+    DEFAULT_EXCLUDED_JOB_CLASSES = [
+      "SidekiqAlive::Worker",             # Sidekiq health check
+      "SolidQueue::CleanupJob",           # SolidQueue maintenance
+      "SolidQueue::RecurringJob"          # SolidQueue scheduler internals
+    ].freeze
+
+    # Default GraphQL operations excluded from capture - introspection and IDE queries
+    # Supports exact match and prefix match (patterns ending with *)
+    DEFAULT_EXCLUDED_GRAPHQL_OPERATIONS = [
+      "IntrospectionQuery",               # Standard IDE introspection query
+      "__*"                               # All introspection fields (__schema, __type, etc.)
+    ].freeze
+
+    def initialize
+      @server_url = nil
+      @project_token = nil
+      @capture_http = true
+      @capture_jobs = true
+      @capture_database = true
+      @excluded_paths = []                 # User-defined; combined with DEFAULT_EXCLUDED_PATHS
+      @excluded_tables = []                # User-defined; combined with DEFAULT_EXCLUDED_TABLES
+      @excluded_job_classes = []           # User-defined; combined with DEFAULT_EXCLUDED_JOB_CLASSES
+      @excluded_graphql_operations = []    # User-defined; combined with DEFAULT_EXCLUDED_GRAPHQL_OPERATIONS
+      @excluded_graphql_variable_keys = [] # User-defined; additional sensitive variable key patterns to filter
+      @buffer_size = 10_000                # Increased for high-volume workloads (job-heavy apps)
+      @retry_attempts = 3
+      @send_interval = 3                   # More frequent sends for better throughput
+      @log_level = :warn
+      @actor_from_request = nil  # Not configured by default
+      @display_name_for = {}     # Not configured by default
+    end
+
+    # Returns all excluded paths (defaults + user-configured)
+    def all_excluded_paths
+      DEFAULT_EXCLUDED_PATHS + (@excluded_paths || [])
+    end
+
+    # Returns all excluded tables (defaults + user-configured)
+    def all_excluded_tables
+      DEFAULT_EXCLUDED_TABLES + (@excluded_tables || [])
+    end
+
+    # Returns all excluded job classes (defaults + user-configured)
+    def all_excluded_job_classes
+      DEFAULT_EXCLUDED_JOB_CLASSES + (@excluded_job_classes || [])
+    end
+
+    # Returns all excluded GraphQL operations (defaults + user-configured)
+    def all_excluded_graphql_operations
+      DEFAULT_EXCLUDED_GRAPHQL_OPERATIONS + (@excluded_graphql_operations || [])
+    end
+  end
+end

data/lib/ez_logs_agent/configuration_validator.rb

@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+module EzLogsAgent
+  # Validates EzLogsAgent configuration and provides actionable error messages.
+  #
+  # Used at boot-time by Railtie and by the test_connection rake task
+  # to ensure configuration is valid before attempting to capture or send events.
+  #
+  # Validation philosophy:
+  # - Only validate what will cause hard failures
+  # - Provide clear, actionable error messages
+  # - Warnings for optional but recommended config
+  # - Never crash the host application
+  #
+  class ConfigurationValidator
+    # Result of configuration validation
+    #
+    # @attr_reader [Array<String>] errors Critical configuration errors
+    # @attr_reader [Array<String>] warnings Non-critical configuration warnings
+    ValidationResult = Struct.new(:errors, :warnings) do
+      def valid?
+        errors.empty?
+      end
+
+      def has_warnings?
+        warnings.any?
+      end
+    end
+
+    # Validates the given configuration
+    #
+    # @param config [EzLogsAgent::Configuration] Configuration to validate
+    # @return [ValidationResult] Validation result with errors and warnings
+    def self.validate(config)
+      errors = []
+      warnings = []
+
+      # Required: server_url must be set
+      if config.server_url.nil? || config.server_url.to_s.strip.empty?
+        errors << "server_url is required. Set it in config/initializers/ez_logs_agent.rb"
+      elsif !valid_url?(config.server_url)
+        errors << "server_url must be a valid URL (got: #{config.server_url})"
+      end
+
+      # Optional but recommended: project_token
+      if config.project_token.nil? || config.project_token.to_s.strip.empty?
+        warnings << "project_token is not set. Authentication may fail if the server requires it."
+      end
+
+      # Validate numeric fields
+      if config.buffer_size && (!config.buffer_size.is_a?(Integer) || config.buffer_size <= 0)
+        errors << "buffer_size must be a positive integer (got: #{config.buffer_size})"
+      end
+
+      if config.retry_attempts && (!config.retry_attempts.is_a?(Integer) || config.retry_attempts < 0)
+        errors << "retry_attempts must be a non-negative integer (got: #{config.retry_attempts})"
+      end
+
+      if config.send_interval && (!config.send_interval.is_a?(Numeric) || config.send_interval <= 0)
+        errors << "send_interval must be a positive number (got: #{config.send_interval})"
+      end
+
+      # Validate log_level
+      if config.log_level && !valid_log_level?(config.log_level)
+        errors << "log_level must be one of: :debug, :info, :warn, :error (got: #{config.log_level})"
+      end
+
+      # Validate boolean fields
+      unless [true, false].include?(config.capture_http)
+        errors << "capture_http must be true or false (got: #{config.capture_http})"
+      end
+
+      unless [true, false].include?(config.capture_jobs)
+        errors << "capture_jobs must be true or false (got: #{config.capture_jobs})"
+      end
+
+      unless [true, false].include?(config.capture_database)
+        errors << "capture_database must be true or false (got: #{config.capture_database})"
+      end
+
+      # Validate array fields
+      if config.excluded_paths && !config.excluded_paths.is_a?(Array)
+        errors << "excluded_paths must be an array (got: #{config.excluded_paths.class})"
+      end
+
+      if config.excluded_tables && !config.excluded_tables.is_a?(Array)
+        errors << "excluded_tables must be an array (got: #{config.excluded_tables.class})"
+      end
+
+      if config.excluded_job_classes && !config.excluded_job_classes.is_a?(Array)
+        errors << "excluded_job_classes must be an array (got: #{config.excluded_job_classes.class})"
+      end
+
+      if config.excluded_graphql_operations && !config.excluded_graphql_operations.is_a?(Array)
+        errors << "excluded_graphql_operations must be an array (got: #{config.excluded_graphql_operations.class})"
+      end
+
+      # Validate actor_from_request is callable if present
+      if config.actor_from_request && !config.actor_from_request.respond_to?(:call)
+        errors << "actor_from_request must be a callable (lambda/proc) or nil"
+      end
+
+      # Validate display_name_for is a hash if present
+      if config.display_name_for && !config.display_name_for.is_a?(Hash)
+        errors << "display_name_for must be a hash (got: #{config.display_name_for.class})"
+      end
+
+      # Warning if all capture flags are disabled
+      if !config.capture_http && !config.capture_jobs && !config.capture_database
+        warnings << "All capture flags are disabled. No events will be captured."
+      end
+
+      ValidationResult.new(errors, warnings)
+    end
+
+    # Checks if the given string is a valid URL
+    #
+    # @param url [String] URL to validate
+    # @return [Boolean] true if valid URL
+    def self.valid_url?(url)
+      return false unless url.is_a?(String)
+
+      uri = URI.parse(url)
+      uri.is_a?(URI::HTTP) || uri.is_a?(URI::HTTPS)
+    rescue URI::InvalidURIError
+      false
+    end
+
+    # Checks if the given log level is valid
+    #
+    # @param level [Symbol] Log level to validate
+    # @return [Boolean] true if valid log level
+    def self.valid_log_level?(level)
+      %i[debug info warn error].include?(level)
+    end
+
+    private_class_method :valid_url?, :valid_log_level?
+  end
+end

data/lib/ez_logs_agent/correlation.rb

@@ -0,0 +1,40 @@
+require "securerandom"
+require "request_store"
+
+module EzLogsAgent
+  module Correlation
+    STORE_KEY = :ez_logs_correlation_id
+
+    # Generate a new unique correlation ID
+    # Format: ezl_<timestamp_ms>_<random_hex_8>
+    #
+    # @return [String] A new correlation ID
+    def self.generate
+      timestamp_ms = (Time.now.to_f * 1000).to_i
+      random_hex = SecureRandom.hex(4) # 8 chars
+      "ezl_#{timestamp_ms}_#{random_hex}"
+    end
+
+    # Get the current correlation ID (or nil)
+    #
+    # @return [String, nil] The current correlation ID or nil if not set
+    def self.current
+      RequestStore.store[STORE_KEY]
+    end
+
+    # Set the current correlation ID
+    #
+    # @param value [String, nil] The correlation ID to store
+    # @return [String, nil] The stored value
+    def self.current=(value)
+      RequestStore.store[STORE_KEY] = value
+    end
+
+    # Clear the current correlation ID
+    #
+    # @return [void]
+    def self.clear
+      RequestStore.store.delete(STORE_KEY)
+    end
+  end
+end