smplkit 3.0.96 → 3.0.97

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1d765730dd1bb26ebf38f16627878d7d33220bc20bd005b98b12303a18e88c1
-  data.tar.gz: 1109c9cd1b02865ae3d2148a8232509b185d828ed8762c025cf82dcfc9c9c09e
+  metadata.gz: c317a0f573d990742547e60f7e17bba0bd65a6abc13dae8bcf8ab13ca7e167e3
+  data.tar.gz: c02f2385189d409d3f1a8263156f0a659e55ae762d4c2f9940bdf6a51d61f19d
 SHA512:
-  metadata.gz: '099f6f60a8acdbd5804cd32743d7f6d6e28261de9901f08a354536da0e49a8b3cec0809790106b072cd7275daa60fdd4279b979dca22590ae74d87382bed04ed'
-  data.tar.gz: '089e631caa282df42aea0344a2e38fe17795e2d773d6799e6684ee1d389d418b0d4c1714fcf398c70b8961fdd4919b11c1b7b56f26b8e7a6e1b631853ac12447'
+  metadata.gz: 33f03cf3bde2e7a38b9856b558be13546c374ceddec2c02ec9cb5d454922f373d46f39188e86ffbbba194421318b9d04bba1a966ac2930ad088c6cf46f6d7cf5
+  data.tar.gz: 91337cdc5b3da03eae931e8b67b7454d0d04925e667446b49ba003ecd0c6bcd091f319f15df58d2c926f818a563a5ab4648ef769261ffacc9422636f125dd3a6

data/lib/smplkit/account/client.rb

@@ -9,9 +9,11 @@ module Smplkit
     #
     # +base_url+/+api_key+ are used directly when both are supplied (the path
     # the top-level client takes after it has already resolved them); otherwise
-    # the management config resolver fills in whatever is missing.
+    # the config resolver fills in whatever is missing.
+    #
+    # @api private
     def self.resolve_account_target(api_key:, base_url:, profile:, base_domain:, scheme:, debug:, extra_headers:)
-      cfg = ConfigResolution.resolve_management_config(
+      cfg = ConfigResolution.resolve_client_config(
         profile: profile, api_key: api_key, base_domain: base_domain, scheme: scheme, debug: debug
       )
       resolved_key = api_key.nil? ? cfg.api_key : api_key
@@ -37,12 +39,17 @@ module Smplkit
         }.merge(extra_headers || {})
       end
 
+      # Fetch the authenticated account's current settings.
+      #
+      # @return [Smplkit::Account::AccountSettings] An active record. Mutate its
+      #   fields and call +save+ to persist the changes.
       def get
         resp = connection.get(SETTINGS_PATH)
         Errors.raise_for_status(resp.status, resp.body.to_s)
         AccountSettings.new(self, data: parse_body(resp.body))
       end
 
+      # @api private
       def _save(data)
         resp = connection.put(SETTINGS_PATH) { |req| req.body = JSON.generate(data) }
         Errors.raise_for_status(resp.status, resp.body.to_s)

data/lib/smplkit/account/models.rb

@@ -14,23 +14,40 @@ module Smplkit
       end
 
       # The full settings dict. Mutations are persisted on save.
+      #
+      # @return [Hash] The full settings dict.
       def raw
         @data
       end
 
+      # Replace the full settings dict.
+      #
+      # @param value [Hash] The new settings dict.
+      # @return [void]
       def raw=(value)
         @data = value.dup
       end
 
       # Canonical ordering of STANDARD environments. Empty list if unset.
+      #
+      # @return [Array<String>] The environment ids in canonical order.
       def environment_order
         Array(@data["environment_order"] || [])
       end
 
+      # Set the canonical ordering of STANDARD environments.
+      #
+      # @param value [Array<String>] The environment ids in canonical order.
+      # @return [void]
       def environment_order=(value)
         @data["environment_order"] = value.to_a
       end
 
+      # Write the full settings object back to the account.
+      #
+      # @return [AccountSettings] +self+, updated with the server response.
+      # @raise [RuntimeError] If this model was constructed without a client
+      #   (e.g. built by hand rather than returned from +get+).
       def save
         raise "AccountSettings was constructed without a client; cannot save" if @client.nil?
 
@@ -45,6 +62,7 @@ module Smplkit
       end
       alias inspect to_s
 
+      # @api private
       def _apply(other)
         @data = other.raw.dup
       end

data/lib/smplkit/api_support.rb

@@ -2,6 +2,8 @@
 
 module Smplkit
   # Ruby-internal adapters bridging the generated client layer to the wrapper.
+  #
+  # @api private
   module ApiSupport
     # Default page[size] the runtime asks for when walking a list endpoint to
     # completion. The platform caps page[size] at 1000; using the same value
@@ -14,6 +16,8 @@ module Smplkit
     # status-coded failures route through +Errors.raise_for_status+ which emits
     # +NotFoundError+ / +ConflictError+ / +ValidationError+ / +Error+ depending
     # on the JSON:API body.
+    #
+    # @api private
     module ErrorMapping
       module_function
 
@@ -44,6 +48,8 @@ module Smplkit
     # server returns fewer rows than requested — the platform's standard
     # last-page signal across every offset-paginated list endpoint. Returns the
     # concatenated +response.data+ rows.
+    #
+    # @api private
     module PaginatedFetch
       module_function
 
@@ -65,6 +71,8 @@ module Smplkit
 
     # Deep-stringify Hash keys so resources returned by generated +to_hash+
     # (symbol-keyed) match what the wrapper helpers expect (string-keyed).
+    #
+    # @api private
     module ResourceShim
       module_function
 

data/lib/smplkit/audit/buffer.rb

@@ -3,13 +3,15 @@
 module Smplkit
   module Audit
     # Bounded in-memory queue + worker thread for fire-and-forget audit
-    # emits (ADR-047 §2.6).
+    # emits.
     #
     # +#enqueue+ returns immediately. The worker drains on either a
     # periodic tick or once depth crosses the high-water mark, retries
     # transient failures with exponential backoff, drops permanent 4xx
     # (other than 429), and evicts the oldest item under sustained
     # back-pressure.
+    #
+    # @api private
     class EventBuffer
       MAX_BUFFER_SIZE = 1000
       WATERMARK = 50

data/lib/smplkit/audit/categories.rb

@@ -5,21 +5,32 @@ module Smplkit
     # +client.audit.categories.list+ — distinct +category+ values seen for
     # the account.
     #
-    # Backed by a maintain-by-write side table populated whenever an event
-    # is recorded with a non-null +category+ (ADR-047 §2.5), so the response
-    # time is independent of how many years of events the account has
-    # accumulated. Sorted alphabetically; offset pagination (+page_number+ /
-    # +page_size+) per ADR-014.
+    # Response time is independent of how many years of events the account has
+    # accumulated. Sorted alphabetically; offset paginated.
     class Categories
       def initialize(api)
         @api = api
       end
 
-      # +environments+ is an optional array of environment keys (and/or the
-      # reserved +"smplkit"+ control-plane bucket) used to scope the read;
-      # the values are comma-joined into +filter[environment]+. Omitting it
-      # (or passing an empty array) leaves the filter unset — identical to
-      # the prior behavior on the wire.
+      # List the distinct +category+ values seen in the account.
+      #
+      # +environments+ scopes the listing to a set of environments: pass an
+      # array of environment keys and/or the reserved +"smplkit"+ control-plane
+      # bucket; the values are comma-joined into +filter[environment]+. Omitting
+      # it (or passing an empty array) leaves the filter off entirely.
+      #
+      # @param page_number [Integer, nil] 1-based page index. Omit for the first
+      #   page.
+      # @param page_size [Integer, nil] Maximum number of categories to return in
+      #   this page.
+      # @param meta_total [Boolean, nil] When +true+, populate +total+ and
+      #   +total_pages+ in the returned page's +pagination+ block (costs an extra
+      #   count server-side). Omit to skip it.
+      # @param environments [Array<String>, nil] Environment keys and/or the
+      #   reserved +"smplkit"+ control-plane bucket to scope the listing to. Omit
+      #   to leave the filter off entirely.
+      # @return [Smplkit::Audit::CategoryListPage] A page of the matching
+      #   category values.
       def list(page_number: nil, page_size: nil, meta_total: nil, environments: nil)
         opts = {}
         opts[:page_number] = page_number if page_number

data/lib/smplkit/audit/client.rb

@@ -4,12 +4,22 @@ module Smplkit
   module Audit
     # The Smpl Audit client — accessed via +client.audit+.
     #
-    # One client exposes the full surface — there is no runtime/management
-    # split for audit. Owns event recording and read-side queries:
-    # fire-and-forget +#events.record+, plus the audit-log +list+ / +get+ and
-    # the distinct-value listings (+resource_types+, +event_types+,
-    # +categories+) that back the Activity tab filter dropdowns, plus SIEM
-    # forwarder CRUD on +#forwarders+. ADR-047 §2.7.
+    # One client exposes the full surface — event recording and reads,
+    # distinct-value discovery, and SIEM forwarder CRUD. Owns fire-and-forget
+    # +#events.record+, plus the audit-log +list+ / +get+ and the distinct-value
+    # listings (+resource_types+, +event_types+, +categories+), plus SIEM
+    # forwarder CRUD on +#forwarders+.
+    #
+    # @param api_key [String] API key used to authenticate every request.
+    # @param base_url [String] Full audit-service base URL.
+    # @param environment [String, nil] Deployment environment to scope recording
+    #   and reads to. Optional — forwarder CRUD and discovery are
+    #   environment-agnostic, and reads accept an explicit +environments: [...]+
+    #   filter.
+    # @param timeout [Float] Per-request timeout, in seconds. Defaults to +10.0+.
+    # @param extra_headers [Hash{String => String}, nil] Extra headers attached
+    #   to every request. SDK-owned headers (authorization, content-type,
+    #   user-agent) cannot be overridden.
     class AuditClient
       attr_reader :events, :resource_types, :event_types, :categories, :forwarders
 

data/lib/smplkit/audit/event_types.rb

@@ -7,22 +7,38 @@ module Smplkit
     #
     # Without +filter_resource_type+, returns one row per distinct
     # event type — an event type recorded with multiple resource_types appears
-    # once. With the filter, returns the event types seen with that
-    # specific resource_type, powering the cascading-filter behavior
-    # on the Activity tab.
+    # once. With the filter, returns the event types seen with that specific
+    # resource_type, which supports building a cascading resource-type-then-
+    # event-type filter.
     #
-    # ADR-047 §2.5. Sorted alphabetically; offset pagination
-    # (+page_number+ / +page_size+) per ADR-014.
+    # Sorted alphabetically; offset paginated.
     class EventTypes
       def initialize(api)
         @api = api
       end
 
-      # +environments+ is an optional array of environment keys (and/or the
-      # reserved +"smplkit"+ control-plane bucket) used to scope the read;
-      # the values are comma-joined into +filter[environment]+. Omitting it
-      # (or passing an empty array) leaves the filter unset — identical to
-      # the prior behavior on the wire.
+      # List the distinct +event_type+ slugs seen in the account.
+      #
+      # +environments+ scopes the listing to a set of environments: pass an
+      # array of environment keys and/or the reserved +"smplkit"+ control-plane
+      # bucket; the values are comma-joined into +filter[environment]+. Omitting
+      # it (or passing an empty array) leaves the filter off entirely.
+      #
+      # @param filter_resource_type [String, nil] Restrict the listing to
+      #   event_types seen with this +resource_type+. Omit to list every distinct
+      #   event_type.
+      # @param page_number [Integer, nil] 1-based page index. Omit for the first
+      #   page.
+      # @param page_size [Integer, nil] Maximum number of slugs to return in this
+      #   page.
+      # @param meta_total [Boolean, nil] When +true+, populate +total+ and
+      #   +total_pages+ in the returned page's +pagination+ block (costs an extra
+      #   count server-side). Omit to skip it.
+      # @param environments [Array<String>, nil] Environment keys and/or the
+      #   reserved +"smplkit"+ control-plane bucket to scope the listing to. Omit
+      #   to leave the filter off entirely.
+      # @return [Smplkit::Audit::EventTypeListPage] A page of the matching
+      #   event-type slugs.
       def list(filter_resource_type: nil, page_number: nil, page_size: nil, meta_total: nil, environments: nil)
         opts = {}
         opts[:filter_resource_type] = filter_resource_type if filter_resource_type

data/lib/smplkit/audit/events.rb

@@ -4,9 +4,9 @@ module Smplkit
   module Audit
     # Audit events surface — accessed via +client.audit.events+.
     #
-    # +#record+ is fire-and-forget per ADR-047 §2.6 — the call enqueues
-    # the event onto an in-memory bounded buffer and returns
-    # immediately. +#list+ and +#get+ are synchronous reads.
+    # +#record+ is fire-and-forget — the call enqueues the event onto an
+    # in-memory bounded buffer and returns immediately. +#list+ and +#get+
+    # are synchronous reads.
     class Events
       def initialize(api)
         @api = api
@@ -15,18 +15,53 @@ module Smplkit
 
       # Enqueue an audit event for asynchronous delivery.
       #
+      # Returns immediately — the buffer's worker thread performs the actual
+      # POST with retry on transient failures.
+      #
       # Actor attribution (+actor_type+, +actor_id+, +actor_label+) is
       # customer-supplied and free-form. The audit service stores
       # whatever the caller passed and never backfills from the request
       # credential — supply the fields explicitly when you want the
       # event attributed.
       #
-      # Customer attempts to record events with +resource_type+ starting
-      # with +smpl.+ are rejected by the server with a 403 (the buffer
-      # logs and drops permanent failures).
+      # @param event_type [String] What happened (e.g. +"invoice.created"+).
+      #   Any non-empty string.
+      # @param resource_type [String] Kind of resource the event is about (e.g.
+      #   +"invoice"+). Any non-empty string. Customer events must NOT use the
+      #   +smpl.+ prefix — that namespace is reserved for smplkit-emitted events
+      #   and the server rejects customer attempts with a 403 (the buffer logs
+      #   and drops permanent failures).
+      # @param resource_id [String] Identifier of the affected resource.
+      # @param occurred_at [Time, DateTime, String, nil] When the event happened
+      #   in the originating system. Defaults to +now+ server-side if omitted.
+      # @param actor_type [String, nil] Free-form label for the kind of actor
+      #   that caused the event (e.g. +"USER"+, +"API_KEY"+, +"SYSTEM"+, or any
+      #   custom value). The audit service never backfills this from the request
+      #   credential — supply it explicitly when you want the event attributed.
+      # @param actor_id [String, nil] Free-form identifier of the actor that
+      #   caused the event. Any string scheme is accepted.
+      # @param actor_label [String, nil] Human-readable label for the actor
+      #   (e.g. an email address or API key name).
+      # @param category [String, nil] Optional free-form bucket label for the
+      #   event (e.g. +"auth"+, +"billing"+, +"config-change"+). Stored exactly
+      #   as supplied; powers the audit log's category filter and the
+      #   +categories+ discovery listing ({Smplkit::Audit::AuditClient#categories}).
+      #   Omit it to leave the event uncategorized.
+      # @param data [Hash, nil] Free-form contextual JSON. To record a resource
+      #   snapshot, place it inside +data+ — smplkit's own convention nests it at
+      #   +data["snapshot"]+ for consistency, but the shape is unconstrained.
+      # @param idempotency_key [String, nil] Optional caller-supplied idempotency
+      #   key. If omitted, the server derives one from event content (account_id
+      #   + event_type + resource_type + resource_id + occurred_at + actor_* +
+      #   data).
+      # @param do_not_forward [Boolean] When +true+, the audit service records
+      #   the event normally but does NOT POST it through any configured SIEM
+      #   forwarder. A +skipped_do_not_forward+ delivery row is recorded for each
+      #   enabled forwarder so the skip is visible in the forwarder delivery log.
+      # @return [void]
       def record(event_type:, resource_type:, resource_id:,
                  occurred_at: nil, actor_type: nil, actor_id: nil,
-                 actor_label: nil, data: nil, idempotency_key: nil,
+                 actor_label: nil, category: nil, data: nil, idempotency_key: nil,
                  do_not_forward: false)
         raise ArgumentError, "event_type is required" if event_type.nil? || event_type.to_s.empty?
         raise ArgumentError, "resource_type is required" if resource_type.nil? || resource_type.to_s.empty?
@@ -55,6 +90,7 @@ module Smplkit
           actor_type: actor_type,
           actor_id: actor_id,
           actor_label: actor_label,
+          category: category,
           data: data || {},
           do_not_forward: do_not_forward
         )
@@ -69,22 +105,55 @@ module Smplkit
 
       # Single-event retrieval.
       #
-      # Raises {Smplkit::NotFoundError} when no event with that id
-      # exists in the caller's account.
+      # @param event_id [String] The event's UUID, as a string parseable as one.
+      # @return [Smplkit::Audit::AuditEvent] The matching event.
+      # @raise [Smplkit::NotFoundError] If no event with that id exists in the
+      #   caller's account.
       def get(event_id)
         resp = Smplkit::Audit.call_api { @api.get_event(event_id) }
         AuditEvent.from_resource(resp.data)
       end
 
-      # List events with filters and cursor pagination. Returns a
-      # +Smplkit::Audit::ListEventsPage+ whose +#events+ is the page and
-      # +#next_cursor+ is the opaque token for the next page (or nil).
+      # List audit events for the authenticated account.
+      #
+      # Filters apply server-side. +actor_id+ is matched as a literal string
+      # against whatever the recording call stored. Pagination uses an opaque
+      # cursor (+page_after+); the returned page exposes +#next_cursor+ when
+      # more pages are available.
+      #
+      # +search+ is an optional free-text filter: pass a string to return only
+      # events whose +resource_id+ or +description+ contains it as a
+      # case-insensitive substring; omit it (the default) to disable text
+      # filtering. A +search+ filter must be scoped — combine it with
+      # +occurred_at_range+, or with both +resource_type+ and +resource_id+ —
+      # or the request is rejected.
       #
-      # +environments+ is an optional array of environment keys (and/or the
-      # reserved +"smplkit"+ control-plane bucket) used to scope the read; the
-      # values are comma-joined into +filter[environment]+. Omitting it (or
-      # passing an empty array) leaves the filter unset — identical to the
-      # prior behavior on the wire.
+      # @param event_type [String, nil] Return only events with this
+      #   +event_type+. Omit to match any.
+      # @param resource_type [String, nil] Return only events about this
+      #   +resource_type+. Omit to match any.
+      # @param resource_id [String, nil] Return only events about this resource
+      #   id. Omit to match any.
+      # @param actor_type [String, nil] Return only events whose +actor_type+
+      #   equals this value. Omit to match any.
+      # @param actor_id [String, nil] Return only events whose +actor_id+
+      #   matches this value as a literal string. Omit to match any.
+      # @param occurred_at_range [String, nil] Restrict to events whose
+      #   +occurred_at+ falls in this range. Omit to leave the time window open.
+      # @param search [String, nil] Optional free-text filter — returns only
+      #   events whose +resource_id+ or +description+ contains it as a
+      #   case-insensitive substring. Must be scoped (combine with
+      #   +occurred_at_range+, or with both +resource_type+ and +resource_id+)
+      #   or the request is rejected. Omit to disable text filtering.
+      # @param environments [Array<String>, nil] Environment keys (and/or the
+      #   reserved +"smplkit"+ control-plane bucket) to scope the read to. Omit
+      #   to leave the filter off entirely.
+      # @param page_size [Integer, nil] Maximum number of events to return in
+      #   this page.
+      # @param page_after [String, nil] Opaque cursor from a previous page's
+      #   +next_cursor+. Omit for the first page.
+      # @return [Smplkit::Audit::ListEventsPage] A page of the matching events;
+      #   its +#next_cursor+ is set when more pages are available.
       def list(event_type: nil, resource_type: nil, resource_id: nil,
                actor_type: nil, actor_id: nil, occurred_at_range: nil,
                search: nil, environments: nil, page_size: nil, page_after: nil)
@@ -112,6 +181,13 @@ module Smplkit
       end
 
       # Block until the in-memory buffer is drained or the timeout elapses.
+      #
+      # Useful for draining buffered events at process shutdown or after a batch
+      # of fire-and-forget records.
+      #
+      # @param timeout [Float, nil] Upper bound on the blocking flush, in
+      #   seconds. +nil+ blocks indefinitely. Defaults to +5.0+.
+      # @return [void]
       def flush(timeout: 5.0)
         @buffer.flush(timeout: timeout)
       end

data/lib/smplkit/audit/forwarders.rb

@@ -34,8 +34,9 @@ module Smplkit
       # @param name [String] Display name. Defaults to +id+ when not supplied.
       # @param forwarder_type [String] One of {Smplkit::Audit::ForwarderType::VALUES}.
       # @param configuration [Smplkit::Audit::HttpConfiguration] Destination
-      #   request configuration. Headers carry credentials and are encrypted at
-      #   rest server-side; reads return them redacted.
+      #   request configuration. Header values often carry credentials and are
+      #   returned in plaintext on reads, so a get-mutate-put round-trip
+      #   preserves them without re-entering secrets.
       # @param environments [Hash{String => Smplkit::Audit::ForwarderEnvironment, Hash}, nil]
       #   Per-environment overrides keyed by environment key (e.g.
       #   +"production"+). A forwarder delivers in an environment only when that
@@ -85,12 +86,19 @@ module Smplkit
 
       # List forwarders for the authenticated account.
       #
-      # Offset paginated per ADR-014: pass +page_number+ (1-based) and
-      # +page_size+ (default 1000, max 1000). Pass +meta_total: true+ to populate
-      # +total+ and +total_pages+ in the returned +pagination+ block (costs an
-      # extra COUNT query server-side).
+      # Offset paginated: pass +page_number+ (1-based) and +page_size+
+      # (default 1000, max 1000).
       #
-      # @return [ForwarderListPage]
+      # @param forwarder_type [String, nil] Restrict the listing to forwarders of
+      #   this {Smplkit::Audit::ForwarderType}. Omit to list every type.
+      # @param page_number [Integer, nil] 1-based page index. Omit for the first
+      #   page.
+      # @param page_size [Integer, nil] Maximum number of forwarders to return in
+      #   this page (default 1000, max 1000).
+      # @param meta_total [Boolean, nil] When +true+, populate +total+ and
+      #   +total_pages+ in the returned page's +pagination+ block (costs an extra
+      #   count server-side). Omit to skip it.
+      # @return [ForwarderListPage] A page of the matching forwarders.
       def list(forwarder_type: nil, page_number: nil, page_size: nil, meta_total: nil)
         opts = {}
         opts[:filter_forwarder_type] = ForwarderType.coerce(forwarder_type) if forwarder_type
@@ -104,16 +112,19 @@ module Smplkit
       end
 
       # Fetch a single forwarder by id. The returned instance is bound to this
-      # client, so +forwarder.save+ and +forwarder.delete+ work.
+      # client, so +forwarder.save+ and +forwarder.delete+ work. Header values
+      # come back in plaintext, so mutating the returned forwarder and calling
+      # +save+ preserves them without re-entering secrets.
       #
-      # @param forwarder_id [String]
-      # @return [Smplkit::Audit::Forwarder]
+      # @param forwarder_id [String] The forwarder's id (key).
+      # @return [Smplkit::Audit::Forwarder] The matching forwarder, bound to this client.
+      # @raise [Smplkit::NotFoundError] If no live forwarder with that id exists.
       def get(forwarder_id)
         resp = Audit.call_api { @api.get_forwarder(forwarder_id) }
         Forwarder.from_resource(resp.data, client: self)
       end
 
-      # Soft-delete a forwarder.
+      # Delete a forwarder.
       #
       # @param forwarder_id [String]
       # @return [nil]
@@ -136,9 +147,9 @@ module Smplkit
       # @api private — Full-replace PUT for an existing forwarder. Called by
       #   {Smplkit::Audit::Forwarder#save} on instances with +created_at+.
       #
-      # Header values must be re-supplied as plaintext; the GET path redacts
-      # them, so a PUT body containing +"<redacted>"+ would persist that literal.
-      # Track real header values client-side and round-trip them.
+      # Header values come back in plaintext on the GET path, so a fetched
+      # forwarder round-trips through this full-replace PUT with its header
+      # values intact — no need to re-enter secrets.
       def _update_forwarder(forwarder)
         raise ArgumentError, "cannot update a Forwarder with no id" if forwarder.id.nil?
 
@@ -183,8 +194,8 @@ module Smplkit
       end
 
       def build_attrs(forwarder)
-        # The base ``enabled`` is server-pinned false (ADR-055); we don't send
-        # it. Enablement travels entirely through ``environments``.
+        # The base +enabled+ is server-pinned false; we don't send it.
+        # Enablement travels entirely through +environments+.
         SmplkitGeneratedClient::Audit::Forwarder.new(
           name: forwarder.name,
           description: forwarder.description,