@letterblack/lbe-core 1.3.3 → 1.3.4

package/src/cli/main.js

@@ -1,176 +0,0 @@
-// src/cli/main.js
-// LetterBlack Sentinel CLI entrypoint
-
-import fs from 'fs';
-import path from 'path';
-import { fileURLToPath } from 'url';
-import { parseArgs, printHelp } from './parseArgs.js';
-import { initCommand } from './commands/init.js';
-import { verifyCommand } from './commands/verify.js';
-import { dryrunCommand } from './commands/dryrun.js';
-import { runCommand } from './commands/run.js';
-import { auditVerifyCommand } from './commands/auditVerify.js';
-import { integrityCheckCommand, integrityGenerateCommand } from './commands/integrityCheck.js';
-import { performIntegrityCheck } from '../core/integrity.js';
-import { policySignCommand } from './commands/policySign.js';
-import { healthCommand } from './commands/health.js';
-import { policyAddCommand } from './commands/policyAdd.js';
-import { policyModeCommand } from './commands/policyMode.js';
-import { statusCommand } from './commands/status.js';
-import { logsCommand } from './commands/logs.js';
-import { openStateCommand } from './commands/openState.js';
-import { proofCommand } from './commands/proof.js';
-
-function toBoolean(value, defaultValue = false) {
-    if (value === undefined) return defaultValue;
-    if (value === true || value === false) return value;
-    const normalized = String(value).trim().toLowerCase();
-    if (normalized === 'true' || normalized === '1' || normalized === 'yes') return true;
-    if (normalized === 'false' || normalized === '0' || normalized === 'no') return false;
-    return defaultValue;
-}
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const packageJsonPath = path.join(__dirname, '../../package.json');
-const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
-
-export async function main() {
-    const argv = process.argv.slice(2);
-    if (argv.includes('--version')) {
-        console.log(`LetterBlack Sentinel v${packageJson.version}`);
-        process.exit(0);
-    }
-    if (argv.length === 0 || argv.includes('--help') || argv.includes('-h')) {
-        printHelp(packageJson.version);
-        process.exit(0);
-    }
-
-    const { command, opts } = parseArgs(argv);
-
-    // Handle version flag
-    if (opts.version) {
-        console.log(`LetterBlack Sentinel v${packageJson.version}`);
-        process.exit(0);
-    }
-
-    // Handle help flag or no command
-    if (opts.help || !command || command === 'help') {
-        printHelp(packageJson.version);
-        process.exit(0);
-    }
-
-    try {
-        // Parse --pub-key-file if provided
-        if (opts['pub-key-file']) {
-            try {
-                opts['pub-key'] = fs.readFileSync(path.resolve(opts['pub-key-file']), 'utf-8').trim();
-            } catch (error) {
-                console.error(`Error reading public key file: ${error.message}`);
-                process.exit(1);
-            }
-        }
-
-        // Route to command handler
-        if (['verify', 'dryrun', 'run'].includes(command)) {
-            const integrityStrict = toBoolean(opts['integrity-strict'], false);
-            const integrityManifestPath = path.resolve(opts['integrity-manifest'] || '.lbe/config/integrity.manifest.json');
-            const integrityResult = await performIntegrityCheck({
-                strict: integrityStrict,
-                manifestPath: integrityManifestPath
-            });
-            if (!integrityResult.valid) {
-                console.error(JSON.stringify({
-                    status: 'error',
-                    error: integrityResult.reason || 'INTEGRITY_CHECK_FAILED',
-                    message: integrityResult.message
-                }, null, 2));
-                process.exit(8);
-            }
-        }
-
-        switch (command) {
-            case 'init':
-                await initCommand(opts);
-                break;
-
-            case 'verify':
-                await verifyCommand(opts);
-                break;
-
-            case 'dryrun':
-                await dryrunCommand(opts);
-                break;
-
-            case 'run':
-                await runCommand(opts);
-                break;
-
-            case 'audit-verify':
-                await auditVerifyCommand(opts);
-                break;
-
-            case 'integrity-check':
-                await integrityCheckCommand(opts);
-                break;
-
-            case 'integrity-generate':
-                await integrityGenerateCommand(opts);
-                break;
-
-            case 'policy-sign':
-                await policySignCommand(opts);
-                break;
-
-            case 'health':
-                await healthCommand(opts);
-                break;
-
-            case 'policy-add':
-                await policyAddCommand(opts);
-                break;
-
-            case 'observe':
-            case 'enforce':
-                await policyModeCommand(command, opts);
-                break;
-
-            case 'status':
-                await statusCommand(opts);
-                break;
-
-            case 'logs':
-                await logsCommand(opts);
-                break;
-
-            case 'open-state':
-                await openStateCommand(opts);
-                break;
-
-            case 'proof':
-                await proofCommand(opts);
-                break;
-
-            default:
-                console.error(`Unknown command: ${command}`);
-                printHelp(packageJson.version);
-                process.exit(1);
-        }
-    } catch (error) {
-        console.error(JSON.stringify({
-            status: 'error',
-            error: 'INTERNAL_ERROR',
-            message: error.message,
-            stack: process.env.DEBUG ? error.stack : undefined
-        }));
-        process.exit(9);
-    }
-}
-
-main().catch((error) => {
-    console.error(JSON.stringify({
-        status: 'error',
-        error: 'FATAL_ERROR',
-        message: error.message
-    }));
-    process.exit(9);
-});

package/src/cli/parseArgs.js

@@ -1,114 +0,0 @@
-// src/cli/parseArgs.js
-// Command-line argument parser
-
-export function parseArgs(argv) {
-    // argv should already have node and script removed
-    if (argv.length === 0) {
-        return { command: 'help', opts: {} };
-    }
-
-    const command = argv[0];
-    const opts = {};
-
-    for (let i = 1; i < argv.length; i++) {
-        if (argv[i].startsWith('--')) {
-            const key = argv[i].substring(2);
-            // Handle --key=value format
-            if (key.includes('=')) {
-                const [k, v] = key.split('=');
-                opts[k] = v;
-            } else {
-                const nextArg = argv[i + 1];
-                if (!nextArg || nextArg.startsWith('-')) {
-                    opts[key] = true;
-                } else {
-                    opts[key] = nextArg;
-                    i++;
-                }
-            }
-        } else if (argv[i].startsWith('-')) {
-            const key = argv[i].substring(1);
-            const nextArg = argv[i + 1];
-            if (!nextArg || nextArg.startsWith('-')) {
-                opts[key] = true;
-            } else {
-                opts[key] = nextArg;
-                i++;
-            }
-        }
-    }
-
-    return { command, opts };
-}
-
-export function printHelp(version = 'unknown') {
-    console.log(`
-╔═══════════════════════════════════════════════════════════╗
-║          LetterBlack Sentinel — CLI Governance            ║
-║     Local-first execution governance SDK  v${version.padEnd(12)}║
-╚═══════════════════════════════════════════════════════════╝
-
-USAGE:
-  lbe [command] [options]
-
-COMMANDS:
-  init      Initialize LetterBlack Sentinel environment
-  verify    Verify a proposal (validate, don't execute)
-  dryrun    Validate and simulate execution (no changes)
-  run       Validate and execute a proposal
-  policy-sign  Sign policy and write policy signature envelope
-  policy-add   Controller-only: add a rule to lbe.policy.json
-  observe   Set project-local policy to advisory mode
-  enforce   Set project-local policy to blocking mode
-  health    Run deployment/runtime health checks
-  integrity-check  Verify controller integrity manifest
-  integrity-generate  Generate controller integrity manifest
-  audit-verify  Verify audit log hash-chain integrity
-  status    Show central state summary for this workspace
-  logs      Print recent entries from central event log
-  open-state  Open the central state directory in the file manager
-  proof     Show latest proof result (--json for raw JSON, --public for redacted)
-  help      Show this help message
-
-OPTIONS:
-  --in              Input file (JSON proposal)
-  --config          Policy config file (default: ./.lbe/config/policy.default.json)
-  --policy          Alias for --config
-  --policy-sig      Policy signature file (default: ./.lbe/config/policy.sig.json)
-  --policy-state    Policy monotonic state file (default: ./data/policy.state.json)
-  --policy-unsigned-ok  Allow unsigned policy (dev-only; default: false)
-  --policy-key-id   Signer keyId for policy-sign (default: policy-signer-v1-2026Q1)
-  --secret-key-file Secret key for policy-sign (default: ./keys/secret.key)
-  --data-dir        Data directory for health checks (default: ./data)
-  --nonce-db        Nonce DB path for health checks
-  --rate-db         Rate-limit DB path for health checks
-  --keys-store      Trusted keys store (default: ./.lbe/config/keys.json)
-  --pub-key         Public key for verification (Ed25519 base64)
-  --pub-key-file    Legacy single-key file path (fallback mode)
-  --integrity-strict  Fail verify/dryrun/run if integrity check fails
-  --integrity-manifest Integrity manifest path (default: ./.lbe/config/integrity.manifest.json)
-  --manifest        Manifest path override for integrity-check
-  --out             Output path for integrity-generate
-  --audit           Audit log file (default: ./data/audit.log.jsonl)
-  --root            Project root for local policy commands (default: cwd)
-  --effect          Local rule effect: allow or deny
-  --type            Local rule type: path or command
-  --pattern         Local rule glob/pattern
-  --from            Required human-readable rule provenance
-  --json            JSON output (default: true)
-  --fail-fast       Stop at first audit integrity error (default: true)
-  --max             Max audit entries to process (optional)
-  --version         Show version
-  --help            Show this help message
-
-EXAMPLES:
-  lbe execute --input proposal.json
-  cat proposal.json | lbe execute
-  lbe policy-sign --config ./.lbe/config/policy.default.json --policy-sig ./.lbe/config/policy.sig.json
-  lbe integrity-generate --out ./.lbe/config/integrity.manifest.json
-  lbe integrity-check --integrity-strict --manifest ./.lbe/config/integrity.manifest.json
-  lbe audit-verify --audit ./data/audit.log.jsonl
-
-For more info, visit: https://github.com/Letterblack0306/LetterBlack-LBE-Core
-`);
-}

package/src/exec/localExecutor.js

@@ -1,289 +0,0 @@
-// Trusted, in-process execution controller. Agents submit simple requests;
-// this controller creates the timestamp/nonce/signature envelope locally.
-import crypto from 'crypto';
-import fs from 'fs';
-import path from 'path';
-import { generateKeyPair, signEd25519 } from '../core/signature.js';
-import { validateCommand } from '../core/validator.js';
-import { executeAdapter } from '../adapters/index.js';
-import { appendAudit, verifyAuditLogIntegrity } from '../core/auditLog.js';
-import { addLocalPolicyRule, auditLocalPolicy, evaluateLocalPolicy, loadLocalPolicy, proposePolicyRule } from '../core/localPolicy.js';
-
-const INTENTS = {
-    read_file: { id: 'READ_FILE', adapter: 'file', action: 'read' },
-    write_file: { id: 'WRITE_FILE', adapter: 'file', action: 'write' },
-    patch_file: { id: 'PATCH_FILE', adapter: 'file', action: 'patch' },
-    delete_file: { id: 'DELETE_FILE', adapter: 'file', action: 'delete' },
-    run_shell: { id: 'RUN_SHELL', adapter: 'shell', action: 'run' }
-};
-
-const MUTATIONS = new Set(['write_file', 'patch_file', 'delete_file']);
-
-function error(code, message, recoverable = false) {
-    return { ok: false, decision: 'deny', executed: false, dryRun: false, error: { code, message, recoverable } };
-}
-
-function commandPolicy(rootDir, actor, shell = {}) {
-    const now = new Date();
-    const expires = new Date(now.getTime() + 365 * 24 * 60 * 60 * 1000);
-    return {
-        version: 1,
-        default: 'DENY',
-        requesters: {
-            [actor]: {
-                allowCommands: Object.values(INTENTS).map(item => item.id),
-                allowAdapters: ['file', 'shell'],
-                filesystem: { roots: [rootDir], denyPatterns: [] },
-                exec: { allowCmds: shell.allowCommands || [], denyCmds: shell.denyCommands || [] },
-                rateLimit: { windowSec: 60, maxRequests: shell.maxRequests || 60 }
-            }
-        },
-        security: { maxClockSkewSec: 600, defaultRateLimit: { windowSec: 60, maxRequests: 60 } },
-        _keyWindow: { notBefore: now.toISOString(), expiresAt: expires.toISOString() }
-    };
-}
-
-function physicalPath(candidate) {
-    let current = path.resolve(candidate);
-    const suffix = [];
-    while (!fs.existsSync(current)) {
-        const parent = path.dirname(current);
-        if (parent === current) break;
-        suffix.unshift(path.basename(current));
-        current = parent;
-    }
-    try { current = fs.realpathSync(current); } catch { /* lexical fallback */ }
-    return path.join(current, ...suffix);
-}
-
-function underRoot(candidate, root) {
-    const target = physicalPath(candidate);
-    const resolvedRoot = physicalPath(root);
-    return target === resolvedRoot || target.startsWith(resolvedRoot + path.sep);
-}
-
-const FORBIDDEN_CONTENT = [
-    /\beval\s*\(/i, /\bFunction\s*\(/i, /\bexec\s*\(/i,
-    /\brequire\s*\(/, /\bimport\s*\(/, /\bchild_process\b/,
-    /\b__proto__\b/, /\bconstructor\s*\[/, /evalScript/i,
-];
-
-function scanContent(value, fieldName) {
-    if (typeof value !== 'string') return null;
-    for (const pattern of FORBIDDEN_CONTENT) {
-        if (pattern.test(value)) {
-            return error('PAYLOAD_CONTENT_REJECTED', `Forbidden pattern in ${fieldName}: ${pattern}`);
-        }
-    }
-    return null;
-}
-
-function normalize(rootDir, request, shell = {}) {
-    if (!request || typeof request !== 'object') return { error: error('REQUEST_INVALID', 'request must be an object') };
-    const detail = INTENTS[request.intent];
-    if (!detail) return { error: error('INTENT_UNSUPPORTED', `Unsupported intent '${request.intent}'`) };
-    const actor = typeof request.actor === 'string' && request.actor ? request.actor : 'agent:local';
-    let target = null;
-    if (detail.adapter === 'file') {
-        if (typeof request.target !== 'string' || !request.target) return { error: error('TARGET_REQUIRED', 'target is required for file intents') };
-        target = path.resolve(rootDir, request.target);
-        if (!underRoot(target, rootDir)) return { error: error('PATH_OUTSIDE_ROOT', 'target is outside project root') };
-        if (['write_file', 'patch_file'].includes(request.intent) && typeof request.content !== 'string') {
-            return { error: error('CONTENT_REQUIRED', 'content is required for write and patch') };
-        }
-        const contentScan = scanContent(request.content, 'content');
-        if (contentScan) return { error: contentScan };
-    }
-    let command = null;
-    if (detail.adapter === 'shell') {
-        command = request.command;
-        if (!command || typeof command.cmd !== 'string' || !Array.isArray(command.args) || command.args.some(arg => typeof arg !== 'string')) {
-            return { error: error('COMMAND_INVALID', 'command requires cmd and string args') };
-        }
-        const cwd = path.resolve(rootDir, command.cwd || '.');
-        if (!underRoot(cwd, rootDir)) return { error: error('CWD_OUTSIDE_ROOT', 'command cwd is outside project root') };
-        if (!Array.isArray(shell.allowCommands) || !shell.allowCommands.includes(command.cmd)) {
-            return { error: error('SHELL_NOT_ALLOWLISTED', `command '${command.cmd}' is not explicitly allowlisted`) };
-        }
-        if (shell.denyCommands?.includes(command.cmd)) return { error: error('SHELL_DENIED', `command '${command.cmd}' is denied`) };
-        command = { ...command, cwd, timeoutMs: Math.min(Math.max(command.timeoutMs || 30000, 1), 30000), maxOutputBytes: Math.min(Math.max(command.maxOutputBytes || 1024 * 1024, 1024), 1024 * 1024) };
-    }
-    return { actor, detail, target, command, request };
-}
-
-function envelope(normalized, keyId, secretKey) {
-    const { actor, detail, target, command, request } = normalized;
-    const body = {
-        id: detail.id,
-        risk: MUTATIONS.has(request.intent) ? 'MEDIUM' : 'LOW',
-        commandId: crypto.randomUUID(),
-        requesterId: actor,
-        sessionId: 'local-host',
-        timestamp: Math.floor(Date.now() / 1000),
-        nonce: crypto.randomBytes(32).toString('hex'),
-        requires: ['policy', 'signature'],
-        payload: {
-            adapter: detail.adapter,
-            action: detail.action,
-            target,
-            content: request.content,
-            cmd: command?.cmd,
-            args: command?.args,
-            timeoutMs: command?.timeoutMs,
-            maxOutputBytes: command?.maxOutputBytes,
-            cwd: command?.cwd || (target ? path.dirname(target) : process.cwd())
-        }
-    };
-    const signed = signEd25519({ payloadObj: body, secretKeyB64: secretKey });
-    if (signed.error) throw new Error(signed.error);
-    return { ...body, signature: { alg: 'ed25519', keyId, sig: signed.signature } };
-}
-
-export function createLocalExecutor(options = {}) {
-    const rootDir = path.resolve(options.rootDir || process.cwd());
-    const keyId = options.keyId || 'host:local-exec';
-    const keyPair = options.keyPair || generateKeyPair();
-    const shell = options.shell || {};
-
-    function prepare(request, { recordNonce = false } = {}) {
-        const normalized = normalize(rootDir, request, shell);
-        if (normalized.error) return normalized;
-        // When no mode is passed and no policy file exists, default to enforce.
-        // Observe mode activates only when explicitly set via options.mode or via
-        // npx lbe init which writes lbe.policy.json with mode:'observe'.
-        const local = loadLocalPolicy(rootDir, options.mode || 'enforce');
-        const localDecision = evaluateLocalPolicy(local.policy, rootDir, { target: normalized.target, command: normalized.command?.cmd });
-        const localBlocked = local.policy.mode === 'enforce' && !localDecision.allowed;
-        if (localBlocked) return { error: error('LOCAL_POLICY_DENY', `Blocked by rule(s): ${localDecision.winningRules.map(rule => rule.id).join(', ')}`), local, localDecision, normalized };
-        const policy = commandPolicy(rootDir, normalized.actor, shell);
-        const keyStore = { defaultKeyId: keyId, trustedKeys: { [keyId]: { publicKey: keyPair.publicKey, notBefore: policy._keyWindow.notBefore, expiresAt: policy._keyWindow.expiresAt, deprecated: false } } };
-        delete policy._keyWindow;
-        const proposal = envelope(normalized, keyId, keyPair.secretKey);
-        const nonceDb = { entries: [] };
-        const validation = validateCommand({ commandObj: proposal, keyStore, nonceDb: recordNonce ? nonceDb : { entries: [] }, policy });
-        if (!validation.valid) return { error: error(validation.errors[0]?.type || 'VALIDATION_FAILED', validation.errors[0]?.message || 'Validation failed'), local, localDecision, normalized, proposal, policy, validation };
-        return { local, localDecision, normalized, proposal, policy, validation };
-    }
-
-    // Sync decision path — for CJS preload hooks that cannot await.
-    // Uses local policy only (no WASM, no nonce, no signature).
-    function evaluateSync(action) {
-        const local = loadLocalPolicy(rootDir, options.mode || 'observe');
-        const mode = local.policy.mode;
-        let target = null;
-        let command = null;
-        if (action.path) {
-            try {
-                target = path.resolve(rootDir, action.path);
-                if (!underRoot(target, rootDir)) {
-                    return { decision: 'deny', deny: true, matchedRules: ['path:outside_root'], mode, enforced: mode === 'enforce', reason: 'PATH_OUTSIDE_ROOT' };
-                }
-            } catch (e) { /* ignore resolution errors, fall through to policy check */ }
-        }
-        if (action.cmd) command = action.cmd;
-        const localDecision = evaluateLocalPolicy(local.policy, rootDir, { target, command });
-        const isDeny = !localDecision.allowed;
-        return {
-            decision: isDeny ? 'deny' : 'allow',
-            deny: isDeny,
-            matchedRules: localDecision.winningRules.map(r => r.id),
-            mode,
-            enforced: mode === 'enforce',
-        };
-    }
-
-    // Sync audit write to unified event log.
-    // Uses openSync/writeSync/closeSync to bypass JS wrappers and avoid recursion
-    // if the CJS preload hook has patched fs.writeFileSync in this process.
-    function auditSync(entry) {
-        const eventsPath = path.join(rootDir, '.lbe', 'events.jsonl');
-        const dir = path.dirname(eventsPath);
-        if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-        const line = JSON.stringify({ ts: Math.floor(Date.now() / 1000), ...entry }) + '\n';
-        const fd = fs.openSync(eventsPath, 'a');
-        try { fs.writeSync(fd, line); } finally { fs.closeSync(fd); }
-    }
-
-    async function dryRun(request) {
-        const prepared = prepare(request);
-        if (prepared.error) return { ...prepared.error, dryRun: true };
-        return {
-            ok: true,
-            decision: prepared.local.policy.mode === 'observe' ? 'observe' : 'allow',
-            executed: false,
-            dryRun: true,
-            matchedRules: prepared.localDecision.winningRules.map(rule => rule.id),
-            rollback: { available: MUTATIONS.has(prepared.normalized.request.intent), performed: false }
-        };
-    }
-
-    async function execute(request) {
-        const prepared = prepare(request, { recordNonce: true });
-        if (prepared.error) {
-            auditLocalPolicy(rootDir, { action: request?.intent, actor: request?.actor || 'agent:local', decision: 'deny', error: prepared.error.error.code });
-            return prepared.error;
-        }
-        // Observer mode: validate and audit but never mutate state.
-        if (prepared.local.policy.mode === 'observe') {
-            appendAudit(path.join(rootDir, '.lbe/audit.jsonl'), {
-                kind: 'local_execution', commandId: prepared.proposal.commandId, requesterId: prepared.normalized.actor,
-                intent: prepared.normalized.request.intent, decision: 'observe', status: 'observed'
-            });
-            return {
-                ok: true, decision: 'observe', executed: false, dryRun: false,
-                matchedRules: prepared.localDecision.winningRules.map(r => r.id),
-                rollback: { available: false, performed: false }
-            };
-        }
-        const requester = prepared.policy.requesters[prepared.normalized.actor];
-        const adapterResult = await executeAdapter(prepared.normalized.detail.adapter, prepared.proposal, prepared.policy, requester);
-        const ok = adapterResult.status === 'completed';
-        const audit = appendAudit(path.join(rootDir, '.lbe/audit.jsonl'), {
-            kind: 'local_execution', commandId: prepared.proposal.commandId, requesterId: prepared.normalized.actor,
-            intent: prepared.normalized.request.intent, decision: ok ? 'allow' : 'deny', status: adapterResult.status
-        });
-        return {
-            ok,
-            decision: ok ? 'allow' : 'deny',
-            executed: ok,
-            dryRun: false,
-            matchedRules: prepared.localDecision.winningRules.map(rule => rule.id),
-            auditId: audit.hash,
-            rollback: { available: MUTATIONS.has(prepared.normalized.request.intent), performed: false, backupId: adapterResult.backup?.hash },
-            ...(ok ? {} : { error: { code: adapterResult.errorCode || 'EXECUTION_FAILED', message: adapterResult.error || 'Execution failed', recoverable: true } })
-        };
-    }
-
-    // Convenience methods — agents use these; internals stay hidden
-    const writeFile  = (target, content)        => execute({ intent: 'write_file',  target, content });
-    const readFile   = (target)                  => execute({ intent: 'read_file',   target });
-    const patchFile  = (target, content)         => execute({ intent: 'patch_file',  target, content });
-    const deleteFile = (target)                  => execute({ intent: 'delete_file', target });
-    const runShell   = (cmd, args = [], opts = {}) =>
-        execute({ intent: 'run_shell', command: { cmd, args, ...opts } });
-
-    return {
-        rootDir,
-        // High-level API — use these
-        writeFile,
-        readFile,
-        patchFile,
-        deleteFile,
-        runShell,
-        // Low-level API — for advanced use
-        validate: async request => {
-            const preview = await dryRun(request);
-            return { ...preview, dryRun: false, executed: false };
-        },
-        dryRun,
-        execute,
-        policy: {
-            read: () => loadLocalPolicy(rootDir, options.mode || 'enforce').policy,
-            proposeRule: proposePolicyRule,
-            addRule: rule => addLocalPolicyRule(rootDir, rule, options.mode || 'enforce')
-        },
-        audit: { verify: () => verifyAuditLogIntegrity(path.join(rootDir, '.lbe/audit.jsonl')) },
-        evaluateSync,
-        auditSync,
-    };
-}