@haaaiawd/second-nature 0.1.26 → 0.1.29

package/runtime/observability/services/runtime-secret-anchor-view.js

@@ -0,0 +1,168 @@
+/**
+ * RuntimeSecretAnchorView — T-OBS.C.7
+ *
+ * Core logic:
+ *   viewSecretAnchor() probes the encryption key anchor and returns a
+ *   RuntimeSecretAnchorView that describes the current health status.
+ *
+ *   Three detection scenarios (DR-034):
+ *     1. Key path missing / env var not set → status "missing"
+ *        reasonCode: "runtime_secret_anchor_missing"
+ *     2. Key path present but sample decrypt fails with wrong-key signal
+ *        reasonCode: "credential_recovery_required"
+ *     3. Key path present but decrypt call throws / unrecoverable error
+ *        reasonCode: "runtime_secret_unavailable"
+ *
+ *   RecoveryStep[] is always inline in the view (DR-034).
+ *   Key plaintext is NEVER stored or returned (ADR-007).
+ *   Only the key path (env var name / file path) is included.
+ *
+ * Test coverage: tests/unit/observability/runtime-secret-anchor-view.test.ts
+ */
+// ─── Recovery step templates ─────────────────────────────────────────────────
+const RECOVERY_STEPS_MISSING = [
+    {
+        step: 1,
+        action: "Locate your encryption key from a secure vault or backup (see AGENTS.md §Bootstrap Recovery).",
+    },
+    {
+        step: 2,
+        action: "Set the environment variable specified in keyPath to the correct key value.",
+        command: "export SECOND_NATURE_ENCRYPTION_KEY=<your-key>",
+    },
+    {
+        step: 3,
+        action: "Restart the agent process or reload the workspace to pick up the new environment variable.",
+    },
+    {
+        step: 4,
+        action: "Run `self_health` to confirm the anchor status changes to verified.",
+    },
+];
+const RECOVERY_STEPS_WRONG_KEY = [
+    {
+        step: 1,
+        action: "The environment variable is set but the key does not match stored credentials. Retrieve the correct key from your vault.",
+    },
+    {
+        step: 2,
+        action: "Replace the current environment variable value with the correct key.",
+        command: "export SECOND_NATURE_ENCRYPTION_KEY=<correct-key>",
+    },
+    {
+        step: 3,
+        action: "If the correct key is unavailable, initiate credential re-encryption with the new key (see AGENTS.md §Credential Rotation).",
+    },
+    {
+        step: 4,
+        action: "Run `self_health` to verify the anchor resolves to verified.",
+    },
+];
+const RECOVERY_STEPS_UNAVAILABLE = [
+    {
+        step: 1,
+        action: "The key path exists but the encryption subsystem encountered an unexpected error. Check agent logs for details.",
+    },
+    {
+        step: 2,
+        action: "Ensure no other process is locking the key file or environment context.",
+    },
+    {
+        step: 3,
+        action: "If the error persists, rotate the key following the procedure in AGENTS.md §Credential Rotation.",
+    },
+    {
+        step: 4,
+        action: "Run `self_health` after remediation to confirm resolution.",
+    },
+];
+const RECOVERY_STEPS_VERIFIED = [];
+// ─── Public API ──────────────────────────────────────────────────────────────
+/**
+ * Probe the encryption key anchor and return a safe view.
+ *
+ * Guarantees:
+ *   - keyPath is a path string (env var name or file path), never a value.
+ *   - No field in the returned object contains the key plaintext.
+ *   - recoverySteps is always populated when status ≠ "verified".
+ */
+export async function viewSecretAnchor(deps) {
+    const now = (deps.now ?? (() => new Date().toISOString()))();
+    const keyPath = deps.runtimeOpsPort.getEncryptionKeyPath();
+    // Step 1: check whether the key path exists
+    let keyExists;
+    try {
+        keyExists = await deps.runtimeOpsPort.checkKeyPathExists(keyPath);
+    }
+    catch {
+        // checkKeyPathExists itself threw — treat as missing
+        keyExists = false;
+    }
+    if (!keyExists) {
+        return {
+            anchorId: "primary",
+            keyPath,
+            status: "missing",
+            lastCheckedAt: now,
+            recoveryDocRef: "AGENTS.md#bootstrap-recovery",
+            recoverySteps: RECOVERY_STEPS_MISSING,
+            reasonCode: "runtime_secret_anchor_missing",
+        };
+    }
+    // Step 2: try a sample decrypt to validate the key is correct
+    let sampleResult;
+    try {
+        sampleResult = await deps.credentialPort.verifySampleDecrypt();
+    }
+    catch {
+        // verifySampleDecrypt threw — key exists but subsystem is broken
+        return {
+            anchorId: "primary",
+            keyPath,
+            status: "decryption_failed",
+            lastCheckedAt: now,
+            recoveryDocRef: "AGENTS.md#bootstrap-recovery",
+            rotationSchedule: "on workspace migration or manual rotation request",
+            checkedCredentialIds: [],
+            recoverySteps: RECOVERY_STEPS_UNAVAILABLE,
+            reasonCode: "runtime_secret_unavailable",
+        };
+    }
+    if (sampleResult.status === "ok") {
+        return {
+            anchorId: "primary",
+            keyPath,
+            status: "verified",
+            lastCheckedAt: now,
+            recoveryDocRef: "AGENTS.md#bootstrap-recovery",
+            rotationSchedule: "on workspace migration or manual rotation request",
+            checkedCredentialIds: sampleResult.checkedIds,
+            recoverySteps: RECOVERY_STEPS_VERIFIED,
+        };
+    }
+    if (sampleResult.status === "wrong_key") {
+        return {
+            anchorId: "primary",
+            keyPath,
+            status: "wrong_key",
+            lastCheckedAt: now,
+            recoveryDocRef: "AGENTS.md#bootstrap-recovery",
+            rotationSchedule: "on workspace migration or manual rotation request",
+            checkedCredentialIds: sampleResult.checkedIds,
+            recoverySteps: RECOVERY_STEPS_WRONG_KEY,
+            reasonCode: "credential_recovery_required",
+        };
+    }
+    // sampleResult.status === "error"
+    return {
+        anchorId: "primary",
+        keyPath,
+        status: "decryption_failed",
+        lastCheckedAt: now,
+        recoveryDocRef: "AGENTS.md#bootstrap-recovery",
+        rotationSchedule: "on workspace migration or manual rotation request",
+        checkedCredentialIds: sampleResult.checkedIds,
+        recoverySteps: RECOVERY_STEPS_UNAVAILABLE,
+        reasonCode: "runtime_secret_unavailable",
+    };
+}

package/runtime/observability/services/self-health-snapshot.d.ts

@@ -0,0 +1,92 @@
+/**
+ * SelfHealthSnapshot — T-OBS.C.2
+ *
+ * Core logic: Run independent health probes for each registered dimension,
+ * each with per-probe timeout (DR-036). Total cap: 3000ms via Promise.allSettled.
+ * Returns SelfHealthSnapshot with overall status and per-dimension results.
+ *
+ * DR-036 timeouts:
+ *   env / storage         200ms  → unknown + probe_timeout:env
+ *   cron / bridge         500ms  → unknown + probe_timeout:cron
+ *   secret / credential   1000ms → unknown + probe_timeout:secret
+ *   delivery / circuit    800ms  → unknown + probe_timeout:delivery
+ *   state_memory          500ms  → degraded + state_memory_unavailable
+ *
+ * DR-032 circular dependency degradation:
+ *   If state-memory is unavailable, narrative_timeline and digest probes
+ *   return degraded — other probes are unaffected.
+ *
+ * Total timeout:
+ *   All probes run concurrently via Promise.allSettled, capped at 3000ms.
+ *   If ALL probes time out: overall = "unknown", reason = "all_probes_timed_out".
+ *
+ * Dynamic dimension registration:
+ *   Callers can register additional probe functions via registerHealthProbe().
+ *   Minimum required dimensions are always included.
+ *
+ * Test coverage: tests/unit/observability/self-health-snapshot.test.ts
+ */
+export type HealthStatus = "healthy" | "degraded" | "unknown";
+export interface DimensionHealth {
+    status: HealthStatus;
+    reason?: string;
+    checkedAt: string;
+    lastKnownAt?: string;
+}
+export interface SelfHealthSnapshot {
+    generatedAt: string;
+    overall: HealthStatus;
+    /** Populated if overall = "unknown" due to all probes timing out */
+    reason?: string;
+    /** Timestamp of last successful snapshot (for all-timeout fallback) */
+    lastKnownAt?: string;
+    dimensions: Record<string, DimensionHealth>;
+    diagnosticReasonCodes: string[];
+    /** Dimension IDs that are degraded or unknown */
+    degradedDimensions: string[];
+}
+/** A probe function: resolves with DimensionHealth or throws on error */
+export type HealthProbeFunction = () => Promise<DimensionHealth>;
+export interface RegisteredProbe {
+    dimensionId: string;
+    probe: HealthProbeFunction;
+    timeoutMs: number;
+    /** If true, timeout returns "degraded" instead of "unknown" (DR-032 state-memory path) */
+    timeoutAsDegraded?: boolean;
+}
+export declare const MINIMUM_REQUIRED_DIMENSIONS: string[];
+/**
+ * Register a health probe for a named dimension.
+ * Built-in minimum dimensions are registered by default with no-op probes
+ * that return healthy. Callers override with real probe functions.
+ */
+export declare function registerHealthProbe(probe: RegisteredProbe): void;
+/**
+ * Remove a probe from the registry (useful for testing).
+ */
+export declare function unregisterHealthProbe(dimensionId: string): void;
+/**
+ * Clear all registered probes (useful for testing).
+ */
+export declare function clearHealthProbeRegistry(): void;
+/** Get all currently registered probes. */
+export declare function getRegisteredProbes(): RegisteredProbe[];
+/**
+ * Ensure minimum required dimensions are represented in the registry.
+ * Existing registrations (real probes) are not overwritten.
+ */
+export declare function ensureMinimumProbes(): void;
+export interface HealthProbeScope {
+    /** If specified, only run probes for these dimension IDs */
+    dimensions?: string[];
+}
+/**
+ * Run all registered health probes and assemble SelfHealthSnapshot.
+ *
+ * Probes run concurrently (Promise.allSettled) with per-probe timeouts (DR-036).
+ * Total cap: 3000ms.
+ * All-timeout fallback: overall = "unknown", reason = "all_probes_timed_out".
+ *
+ * DR-032: state_memory probe timeout marks narrative_timeline + digest as degraded too.
+ */
+export declare function getSelfHealthSnapshot(scope?: HealthProbeScope, lastKnownAt?: string): Promise<SelfHealthSnapshot>;

package/runtime/observability/services/self-health-snapshot.js

@@ -0,0 +1,251 @@
+/**
+ * SelfHealthSnapshot — T-OBS.C.2
+ *
+ * Core logic: Run independent health probes for each registered dimension,
+ * each with per-probe timeout (DR-036). Total cap: 3000ms via Promise.allSettled.
+ * Returns SelfHealthSnapshot with overall status and per-dimension results.
+ *
+ * DR-036 timeouts:
+ *   env / storage         200ms  → unknown + probe_timeout:env
+ *   cron / bridge         500ms  → unknown + probe_timeout:cron
+ *   secret / credential   1000ms → unknown + probe_timeout:secret
+ *   delivery / circuit    800ms  → unknown + probe_timeout:delivery
+ *   state_memory          500ms  → degraded + state_memory_unavailable
+ *
+ * DR-032 circular dependency degradation:
+ *   If state-memory is unavailable, narrative_timeline and digest probes
+ *   return degraded — other probes are unaffected.
+ *
+ * Total timeout:
+ *   All probes run concurrently via Promise.allSettled, capped at 3000ms.
+ *   If ALL probes time out: overall = "unknown", reason = "all_probes_timed_out".
+ *
+ * Dynamic dimension registration:
+ *   Callers can register additional probe functions via registerHealthProbe().
+ *   Minimum required dimensions are always included.
+ *
+ * Test coverage: tests/unit/observability/self-health-snapshot.test.ts
+ */
+// ─── DR-036 Timeout Constants ─────────────────────────────────────────────────
+const PROBE_TIMEOUTS = {
+    env: 200,
+    storage: 200,
+    cron: 500,
+    bridge: 500,
+    secret: 1000,
+    credential: 1000,
+    delivery: 800,
+    circuit_breaker: 800,
+    dream: 800,
+    state_memory: 500,
+    narrative_timeline: 500,
+    digest: 500,
+};
+const STATE_MEMORY_DEGRADED_DIMENSIONS = new Set([
+    "state_memory",
+    "narrative_timeline",
+    "digest",
+]);
+const TOTAL_TIMEOUT_MS = 3000;
+// ─── Minimum required dimensions ─────────────────────────────────────────────
+export const MINIMUM_REQUIRED_DIMENSIONS = [
+    "env",
+    "cron",
+    "secret",
+    "credential",
+    "storage",
+    "delivery",
+    "dream",
+    "bridge",
+    "circuit_breaker",
+    "state_memory",
+];
+// ─── Registry ─────────────────────────────────────────────────────────────────
+const _probeRegistry = new Map();
+/**
+ * Register a health probe for a named dimension.
+ * Built-in minimum dimensions are registered by default with no-op probes
+ * that return healthy. Callers override with real probe functions.
+ */
+export function registerHealthProbe(probe) {
+    _probeRegistry.set(probe.dimensionId, probe);
+}
+/**
+ * Remove a probe from the registry (useful for testing).
+ */
+export function unregisterHealthProbe(dimensionId) {
+    _probeRegistry.delete(dimensionId);
+}
+/**
+ * Clear all registered probes (useful for testing).
+ */
+export function clearHealthProbeRegistry() {
+    _probeRegistry.clear();
+}
+/** Get all currently registered probes. */
+export function getRegisteredProbes() {
+    return Array.from(_probeRegistry.values());
+}
+// ─── Default probes for minimum dimensions ───────────────────────────────────
+function makeDefaultProbe(dimensionId) {
+    const timeoutMs = PROBE_TIMEOUTS[dimensionId] ?? 500;
+    const timeoutAsDegraded = STATE_MEMORY_DEGRADED_DIMENSIONS.has(dimensionId);
+    return {
+        dimensionId,
+        timeoutMs,
+        timeoutAsDegraded,
+        probe: async () => ({
+            status: "healthy",
+            checkedAt: new Date().toISOString(),
+        }),
+    };
+}
+/**
+ * Ensure minimum required dimensions are represented in the registry.
+ * Existing registrations (real probes) are not overwritten.
+ */
+export function ensureMinimumProbes() {
+    for (const dim of MINIMUM_REQUIRED_DIMENSIONS) {
+        if (!_probeRegistry.has(dim)) {
+            _probeRegistry.set(dim, makeDefaultProbe(dim));
+        }
+    }
+}
+// ─── Probe runner ─────────────────────────────────────────────────────────────
+/**
+ * Run a single probe with per-probe timeout.
+ * On timeout: returns unknown (or degraded for state_memory path, DR-032).
+ * On error: returns unknown + error message.
+ */
+async function runProbeWithTimeout(rp, now) {
+    const timeoutStatus = rp.timeoutAsDegraded ? "degraded" : "unknown";
+    const timeoutReason = STATE_MEMORY_DEGRADED_DIMENSIONS.has(rp.dimensionId)
+        ? "state_memory_unavailable"
+        : `probe_timeout:${rp.dimensionId}`;
+    const timeoutPromise = new Promise((resolve) => {
+        setTimeout(() => {
+            resolve({
+                status: timeoutStatus,
+                reason: timeoutReason,
+                checkedAt: now,
+            });
+        }, rp.timeoutMs);
+    });
+    const probePromise = rp.probe().catch((err) => ({
+        status: "unknown",
+        reason: `probe_error:${rp.dimensionId}:${err instanceof Error ? err.message : String(err)}`,
+        checkedAt: now,
+    }));
+    return [rp.dimensionId, await Promise.race([probePromise, timeoutPromise])];
+}
+/**
+ * Run all registered health probes and assemble SelfHealthSnapshot.
+ *
+ * Probes run concurrently (Promise.allSettled) with per-probe timeouts (DR-036).
+ * Total cap: 3000ms.
+ * All-timeout fallback: overall = "unknown", reason = "all_probes_timed_out".
+ *
+ * DR-032: state_memory probe timeout marks narrative_timeline + digest as degraded too.
+ */
+export async function getSelfHealthSnapshot(scope, lastKnownAt) {
+    // Ensure minimum probes exist
+    ensureMinimumProbes();
+    const now = new Date().toISOString();
+    // Determine which probes to run
+    const allProbes = Array.from(_probeRegistry.values());
+    const probes = scope?.dimensions
+        ? allProbes.filter((p) => scope.dimensions.includes(p.dimensionId))
+        : allProbes;
+    if (probes.length === 0) {
+        return {
+            generatedAt: now,
+            overall: "unknown",
+            reason: "no_probes_registered",
+            lastKnownAt,
+            dimensions: {},
+            diagnosticReasonCodes: ["no_probes_registered"],
+            degradedDimensions: [],
+        };
+    }
+    // Run all probes with individual timeouts, wrapped in a 3s global cap
+    const globalTimeoutPromise = new Promise((resolve) => {
+        setTimeout(() => {
+            // Return all probes as unknown on global timeout
+            const fallback = probes.map((p) => [
+                p.dimensionId,
+                {
+                    status: "unknown",
+                    reason: `probe_timeout:${p.dimensionId}`,
+                    checkedAt: now,
+                },
+            ]);
+            resolve(fallback);
+        }, TOTAL_TIMEOUT_MS);
+    });
+    const probeRunnerPromise = Promise.allSettled(probes.map((p) => runProbeWithTimeout(p, now))).then((results) => results
+        .filter((r) => r.status === "fulfilled")
+        .map((r) => r.value));
+    const results = await Promise.race([probeRunnerPromise, globalTimeoutPromise]);
+    // Assemble dimensions map
+    const dimensions = {};
+    for (const [dimId, health] of results) {
+        dimensions[dimId] = health;
+    }
+    // DR-032: if state_memory is degraded/unknown, propagate to narrative_timeline + digest
+    const stateMemoryHealth = dimensions["state_memory"];
+    if (stateMemoryHealth &&
+        (stateMemoryHealth.status === "degraded" || stateMemoryHealth.status === "unknown")) {
+        const smReason = "state_memory_unavailable";
+        for (const dim of ["narrative_timeline", "digest"]) {
+            if (dimensions[dim] && dimensions[dim].status === "healthy") {
+                dimensions[dim] = {
+                    status: "degraded",
+                    reason: smReason,
+                    checkedAt: now,
+                };
+            }
+            else if (!dimensions[dim] && _probeRegistry.has(dim)) {
+                dimensions[dim] = {
+                    status: "degraded",
+                    reason: smReason,
+                    checkedAt: now,
+                };
+            }
+        }
+    }
+    // Collect diagnostic reason codes and degraded dimensions
+    const diagnosticReasonCodes = [];
+    const degradedDimensions = [];
+    for (const [dimId, health] of Object.entries(dimensions)) {
+        if (health.status !== "healthy") {
+            degradedDimensions.push(dimId);
+            if (health.reason)
+                diagnosticReasonCodes.push(health.reason);
+        }
+    }
+    // Compute overall status
+    const allUnknown = Object.values(dimensions).every((d) => d.status === "unknown");
+    const anyDegraded = Object.values(dimensions).some((d) => d.status === "degraded");
+    const anyUnknown = Object.values(dimensions).some((d) => d.status === "unknown");
+    let overall;
+    let reason;
+    if (allUnknown) {
+        overall = "unknown";
+        reason = "all_probes_timed_out";
+    }
+    else if (anyDegraded || anyUnknown) {
+        overall = "degraded";
+    }
+    else {
+        overall = "healthy";
+    }
+    return {
+        generatedAt: now,
+        overall,
+        reason,
+        lastKnownAt: allUnknown ? lastKnownAt : undefined,
+        dimensions,
+        diagnosticReasonCodes,
+        degradedDimensions,
+    };
+}

package/runtime/shared/types/goal.d.ts

@@ -0,0 +1,62 @@
+/**
+ * AgentGoal v7 shared types — DR-014 snake_case kind / scope enforcement.
+ *
+ * Core logic:
+ * - `kind` is a closed union of snake_case lowercase strings.
+ * - `scope` controls visibility (global vs platform-specific vs session-bound).
+ * - `status` supports full v7 lifecycle including paused → expired/replaced.
+ *
+ * Dependencies:
+ * - `SourceRef` from `./source-ref.js` for grounding.
+ *
+ * Boundary:
+ * - Used by state-memory (GoalLifecycleStore), control-plane
+ *   (GoalLifecyclePolicy), and runtime-ops (goal command surface).
+ * - Non-enum values trigger compile errors via exhaustive union checks.
+ *
+ * Test coverage: tests/unit/shared/v7-entities.test.ts (invalid kind
+ * `@ts-expect-error` compile guard).
+ */
+import type { SourceRef } from "./source-ref.js";
+export type AgentGoalKind = "short_term" | "long_term" | "habit" | "maintenance" | "passive_sensing" | "outreach" | "exploration";
+export type AgentGoalStatus = "proposal" | "accepted" | "rejected" | "completed" | "paused" | "expired" | "replaced";
+export type AgentGoalOrigin = "owner_set" | "agent_proposed" | "policy_seeded";
+export type AgentGoalScope = "global" | "platform_specific" | "session_bound";
+export interface AgentGoal {
+    goalId: string;
+    kind: AgentGoalKind;
+    scope: AgentGoalScope;
+    status: AgentGoalStatus;
+    origin: AgentGoalOrigin;
+    description: string;
+    completionCriteria: string;
+    risk: "low" | "medium" | "high";
+    priorityHint: number;
+    sourceRefs: SourceRef;
+    acceptedBy?: "owner" | "policy_allowlist";
+    expiresAt?: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface AgentGoalWrite {
+    goalId: string;
+    kind: AgentGoalKind;
+    scope: AgentGoalScope;
+    status: AgentGoalStatus;
+    origin: AgentGoalOrigin;
+    description: string;
+    completionCriteria: string;
+    risk: "low" | "medium" | "high";
+    priorityHint: number;
+    sourceRefs: SourceRef;
+    acceptedBy?: "owner" | "policy_allowlist";
+    expiresAt?: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface AgentGoalStatusTransition {
+    goalId: string;
+    newStatus: AgentGoalStatus;
+    acceptedBy?: "owner" | "policy_allowlist";
+    updatedAt: string;
+}

package/runtime/shared/types/goal.js

@@ -0,0 +1,20 @@
+/**
+ * AgentGoal v7 shared types — DR-014 snake_case kind / scope enforcement.
+ *
+ * Core logic:
+ * - `kind` is a closed union of snake_case lowercase strings.
+ * - `scope` controls visibility (global vs platform-specific vs session-bound).
+ * - `status` supports full v7 lifecycle including paused → expired/replaced.
+ *
+ * Dependencies:
+ * - `SourceRef` from `./source-ref.js` for grounding.
+ *
+ * Boundary:
+ * - Used by state-memory (GoalLifecycleStore), control-plane
+ *   (GoalLifecyclePolicy), and runtime-ops (goal command surface).
+ * - Non-enum values trigger compile errors via exhaustive union checks.
+ *
+ * Test coverage: tests/unit/shared/v7-entities.test.ts (invalid kind
+ * `@ts-expect-error` compile guard).
+ */
+export {};

package/runtime/shared/types/index.d.ts

@@ -1,3 +1,6 @@
 export * from "./continuity.js";
 export * from "./credential.js";
 export * from "./outreach.js";
+export * from "./source-ref.js";
+export * from "./goal.js";
+export * from "./v7-entities.js";

package/runtime/shared/types/index.js

@@ -1,3 +1,6 @@
 export * from "./continuity.js";
 export * from "./credential.js";
 export * from "./outreach.js";
+export * from "./source-ref.js";
+export * from "./goal.js";
+export * from "./v7-entities.js";

package/runtime/shared/types/source-ref.d.ts

@@ -0,0 +1,14 @@
+/**
+ * SourceRef — v7 non-empty tuple for source grounding.
+ *
+ * Core logic: Every fact claim must carry at least one source reference.
+ * DR-025 enforces non-empty at compile time. Empty array assignments are
+ * rejected by the TypeScript compiler (`strict: true`).
+ *
+ * Dependencies: none (primitive shared type).
+ * Boundary: Used across state-memory, dream-quiet, guidance-voice, and
+ * observability systems for source-backed assertions.
+ * Test coverage: tests/unit/shared/v7-entities.test.ts (compile-time
+ * `@ts-expect-error` guard for empty tuple).
+ */
+export type SourceRef = readonly [string, ...string[]];

package/runtime/shared/types/source-ref.js

@@ -0,0 +1 @@
+export {};