@zapier/zapier-sdk 0.18.4 → 1.0.2

package/dist/auth.test.js

@@ -1,102 +1,376 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
 import * as auth from "./auth";
+import { resetDeprecationWarnings } from "./utils/logging";
 // Mock the CLI login package
 const mockGetToken = vi.fn();
 vi.mock("@zapier/zapier-sdk-cli-login", () => ({
     getToken: mockGetToken,
 }));
+// Mock fetch for client credentials tests
+const mockFetch = vi.fn();
 describe("auth", () => {
     beforeEach(() => {
         vi.clearAllMocks();
+        auth.clearTokenCache();
+        resetDeprecationWarnings();
+        // Clear all ZAPIER_* env vars
+        delete process.env.ZAPIER_CREDENTIALS;
+        delete process.env.ZAPIER_CREDENTIALS_CLIENT_ID;
+        delete process.env.ZAPIER_CREDENTIALS_CLIENT_SECRET;
+        delete process.env.ZAPIER_CREDENTIALS_BASE_URL;
         delete process.env.ZAPIER_TOKEN;
+        delete process.env.ZAPIER_AUTH_CLIENT_ID;
+        delete process.env.ZAPIER_AUTH_BASE_URL;
     });
-    describe("getTokenFromEnv", () => {
-        it("should return ZAPIER_TOKEN when set", () => {
-            process.env.ZAPIER_TOKEN = "test-token";
-            expect(auth.getTokenFromEnv()).toBe("test-token");
-        });
-        it("should return undefined when ZAPIER_TOKEN is not set", () => {
-            delete process.env.ZAPIER_TOKEN;
-            expect(auth.getTokenFromEnv()).toBeUndefined();
-        });
+    afterEach(() => {
+        auth.clearTokenCache();
     });
     describe("getTokenFromCliLogin", () => {
-        it("should pass all options to CLI login package getToken", async () => {
+        it("should pass options to CLI login package getToken", async () => {
             mockGetToken.mockResolvedValue("cli-token");
             const options = {
                 baseUrl: "https://api.custom.zapier.com",
-                authBaseUrl: "https://auth.custom.zapier.com",
                 onEvent: vi.fn(),
                 fetch: vi.fn(),
             };
             const result = await auth.getTokenFromCliLogin(options);
             expect(result).toBe("cli-token");
-            expect(mockGetToken).toHaveBeenCalledWith(options);
-        });
-        it("should pass empty options when none provided", async () => {
-            mockGetToken.mockResolvedValue("cli-token");
-            const result = await auth.getTokenFromCliLogin();
-            expect(result).toBe("cli-token");
-            expect(mockGetToken).toHaveBeenCalledWith({});
+            expect(mockGetToken).toHaveBeenCalled();
         });
         it("should return undefined when CLI login package throws error", async () => {
             mockGetToken.mockRejectedValue(new Error("CLI not available"));
-            const result = await auth.getTokenFromCliLogin();
+            const result = await auth.getTokenFromCliLogin({});
             expect(result).toBeUndefined();
         });
     });
-    describe("getTokenFromEnvOrConfig", () => {
-        it("should prioritize ZAPIER_TOKEN environment variable", async () => {
-            process.env.ZAPIER_TOKEN = "env-token";
-            mockGetToken.mockResolvedValue("cli-token");
-            const result = await auth.getTokenFromEnvOrConfig();
+    describe("resolveAuthToken", () => {
+        it("should return string credentials directly", async () => {
+            const result = await auth.resolveAuthToken({
+                credentials: "my-token",
+            });
+            expect(result).toBe("my-token");
+        });
+        it("should use deprecated token option with warning", async () => {
+            const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => { });
+            const result = await auth.resolveAuthToken({
+                token: "deprecated-token",
+            });
+            expect(result).toBe("deprecated-token");
+            expect(warnSpy).toHaveBeenCalledWith(expect.stringContaining("deprecated"));
+            warnSpy.mockRestore();
+        });
+        it("should resolve credentials from env var (string token)", async () => {
+            // Set env var and re-import to pick up the new value
+            process.env.ZAPIER_CREDENTIALS = "env-token";
+            vi.resetModules();
+            const freshAuth = await import("./auth");
+            const result = await freshAuth.resolveAuthToken({});
             expect(result).toBe("env-token");
-            expect(mockGetToken).not.toHaveBeenCalled();
         });
-        it("should fall back to CLI login with options when env token not available", async () => {
-            delete process.env.ZAPIER_TOKEN;
-            mockGetToken.mockResolvedValue("cli-token");
-            const options = {
-                baseUrl: "https://api.custom.zapier.com",
-                authBaseUrl: "https://auth.custom.zapier.com",
-                onEvent: vi.fn(),
-                fetch: vi.fn(),
-            };
-            const result = await auth.getTokenFromEnvOrConfig(options);
-            expect(result).toBe("cli-token");
-            expect(mockGetToken).toHaveBeenCalledWith(options);
+        it("should resolve credentials from ZAPIER_TOKEN with deprecation warning", async () => {
+            // Set env var and re-import to pick up the new value
+            process.env.ZAPIER_TOKEN = "legacy-token";
+            vi.resetModules();
+            const freshAuth = await import("./auth");
+            const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => { });
+            const result = await freshAuth.resolveAuthToken({});
+            expect(result).toBe("legacy-token");
+            expect(warnSpy).toHaveBeenCalledWith(expect.stringContaining("ZAPIER_TOKEN is deprecated"));
+            warnSpy.mockRestore();
         });
-        it("should return undefined when both env token and CLI login fail", async () => {
-            delete process.env.ZAPIER_TOKEN;
-            mockGetToken.mockRejectedValue(new Error("CLI not available"));
-            const result = await auth.getTokenFromEnvOrConfig();
+        it("should fall back to CLI login when no credentials provided", async () => {
+            mockGetToken.mockResolvedValue("cli-stored-token");
+            const result = await auth.resolveAuthToken({});
+            expect(result).toBe("cli-stored-token");
+            expect(mockGetToken).toHaveBeenCalled();
+        });
+        it("should return undefined when no credentials found", async () => {
+            mockGetToken.mockResolvedValue(undefined);
+            const result = await auth.resolveAuthToken({});
             expect(result).toBeUndefined();
         });
-        it("should pass authBaseUrl through the authentication chain", async () => {
-            delete process.env.ZAPIER_TOKEN;
-            mockGetToken.mockResolvedValue("cli-token");
-            const options = {
-                authBaseUrl: "https://custom-auth.zapier.dev",
-                baseUrl: "https://api.zapier.dev",
-            };
-            await auth.getTokenFromEnvOrConfig(options);
-            expect(mockGetToken).toHaveBeenCalledWith({
-                authBaseUrl: "https://custom-auth.zapier.dev",
-                baseUrl: "https://api.zapier.dev",
+        it("should call credentials function and use result", async () => {
+            const credentialsFn = vi.fn().mockResolvedValue("dynamic-token");
+            const result = await auth.resolveAuthToken({
+                credentials: credentialsFn,
             });
+            expect(result).toBe("dynamic-token");
+            expect(credentialsFn).toHaveBeenCalled();
         });
-        it("should pass undefined authBaseUrl when not provided", async () => {
-            delete process.env.ZAPIER_TOKEN;
-            mockGetToken.mockResolvedValue("cli-token");
-            const options = {
-                baseUrl: "https://api.zapier.dev",
-                // authBaseUrl intentionally omitted
-            };
-            await auth.getTokenFromEnvOrConfig(options);
-            expect(mockGetToken).toHaveBeenCalledWith({
-                baseUrl: "https://api.zapier.dev",
-                authBaseUrl: undefined,
+        it("should throw if credentials function returns another function", async () => {
+            const credentialsFn = vi.fn().mockResolvedValue(() => "nested");
+            await expect(auth.resolveAuthToken({
+                credentials: credentialsFn,
+            })).rejects.toThrow("Credentials function returned another function");
+        });
+    });
+    describe("client credentials flow", () => {
+        it("should exchange client credentials for token with scope and audience", async () => {
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    access_token: "exchanged-token",
+                    expires_in: 3600,
+                }),
+            });
+            const result = await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "test-client-id",
+                    clientSecret: "test-client-secret",
+                },
+                fetch: mockFetch,
+            });
+            expect(result).toBe("exchanged-token");
+            expect(mockFetch).toHaveBeenCalledWith(expect.stringContaining("/oauth/token/"), expect.objectContaining({
+                method: "POST",
+                body: expect.any(URLSearchParams),
+            }));
+            // Verify the body includes required parameters
+            const callArgs = mockFetch.mock.calls[0];
+            const body = callArgs[1].body;
+            expect(body.get("grant_type")).toBe("client_credentials");
+            expect(body.get("client_id")).toBe("test-client-id");
+            expect(body.get("client_secret")).toBe("test-client-secret");
+            expect(body.get("scope")).toBe("external");
+            expect(body.get("audience")).toBe("zapier.com");
+        });
+        it("should cache token from client credentials exchange", async () => {
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    access_token: "cached-token",
+                    expires_in: 3600,
+                }),
+            });
+            // First call - should exchange
+            const result1 = await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "cache-test-client",
+                    clientSecret: "secret",
+                },
+                fetch: mockFetch,
+            });
+            // Second call - should use cache
+            const result2 = await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "cache-test-client",
+                    clientSecret: "secret",
+                },
+                fetch: mockFetch,
             });
+            expect(result1).toBe("cached-token");
+            expect(result2).toBe("cached-token");
+            expect(mockFetch).toHaveBeenCalledTimes(1); // Only called once due to cache
+        });
+        it("should deduplicate concurrent client credentials exchanges", async () => {
+            let resolveExchange;
+            const exchangePromise = new Promise((resolve) => {
+                resolveExchange = resolve;
+            });
+            mockFetch.mockReturnValue(exchangePromise);
+            // Start two concurrent requests - they will both start executing
+            const promise1 = auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "concurrent-test-client",
+                    clientSecret: "secret",
+                },
+                fetch: mockFetch,
+            });
+            const promise2 = auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "concurrent-test-client",
+                    clientSecret: "secret",
+                },
+                fetch: mockFetch,
+            });
+            // Let microtasks run so both promises start
+            await new Promise((r) => setTimeout(r, 0));
+            // Now resolve the exchange
+            resolveExchange({
+                ok: true,
+                json: () => Promise.resolve({
+                    access_token: "concurrent-token",
+                    expires_in: 3600,
+                }),
+            });
+            const [result1, result2] = await Promise.all([promise1, promise2]);
+            expect(result1).toBe("concurrent-token");
+            expect(result2).toBe("concurrent-token");
+            expect(mockFetch).toHaveBeenCalledTimes(1); // Only one exchange despite two concurrent calls
+        });
+        it("should throw on client credentials exchange failure", async () => {
+            mockFetch.mockResolvedValue({
+                ok: false,
+                status: 401,
+                statusText: "Unauthorized",
+                text: () => Promise.resolve("Invalid credentials"),
+            });
+            await expect(auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "bad-client",
+                    clientSecret: "bad-secret",
+                },
+                fetch: mockFetch,
+            })).rejects.toThrow("Client credentials exchange failed");
+        });
+    });
+    describe("PKCE credentials", () => {
+        it("should delegate PKCE credentials to CLI login", async () => {
+            mockGetToken.mockResolvedValue("pkce-stored-token");
+            const result = await auth.resolveAuthToken({
+                credentials: {
+                    type: "pkce",
+                    clientId: "pkce-client",
+                },
+            });
+            expect(result).toBe("pkce-stored-token");
+            expect(mockGetToken).toHaveBeenCalled();
+        });
+        it("should throw when PKCE credentials have no stored token", async () => {
+            mockGetToken.mockResolvedValue(undefined);
+            await expect(auth.resolveAuthToken({
+                credentials: {
+                    type: "pkce",
+                    clientId: "pkce-client",
+                },
+            })).rejects.toThrow("PKCE credentials require interactive login");
+        });
+    });
+    describe("token cache management", () => {
+        it("should invalidate cached token", async () => {
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    access_token: "will-be-invalidated",
+                    expires_in: 3600,
+                }),
+            });
+            // First call - cache the token
+            await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "invalidate-test",
+                    clientSecret: "secret",
+                },
+                fetch: mockFetch,
+            });
+            expect(mockFetch).toHaveBeenCalledTimes(1);
+            // Invalidate the cache
+            auth.invalidateCachedToken("invalidate-test");
+            // Next call should fetch again
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    access_token: "new-token-after-invalidation",
+                    expires_in: 3600,
+                }),
+            });
+            const result = await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "invalidate-test",
+                    clientSecret: "secret",
+                },
+                fetch: mockFetch,
+            });
+            expect(result).toBe("new-token-after-invalidation");
+            expect(mockFetch).toHaveBeenCalledTimes(2);
+        });
+        it("should clear all cached tokens", async () => {
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    access_token: "token",
+                    expires_in: 3600,
+                }),
+            });
+            // Cache a token
+            await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "clear-test",
+                    clientSecret: "secret",
+                },
+                fetch: mockFetch,
+            });
+            // Clear all caches
+            auth.clearTokenCache();
+            // Should fetch again
+            await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "clear-test",
+                    clientSecret: "secret",
+                },
+                fetch: mockFetch,
+            });
+            expect(mockFetch).toHaveBeenCalledTimes(2);
+        });
+    });
+    describe("invalidateCredentialsToken", () => {
+        it("should invalidate cached token for client credentials", async () => {
+            const mockFetch = vi.fn().mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    access_token: "cached-token",
+                    expires_in: 3600,
+                }),
+            });
+            // First, get a token to populate the cache
+            await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "invalidate-test-client",
+                    clientSecret: "test-secret",
+                },
+                fetch: mockFetch,
+            });
+            expect(mockFetch).toHaveBeenCalledTimes(1);
+            // Verify token is cached (no new fetch)
+            const cachedToken = await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "invalidate-test-client",
+                    clientSecret: "test-secret",
+                },
+                fetch: mockFetch,
+            });
+            expect(cachedToken).toBe("cached-token");
+            expect(mockFetch).toHaveBeenCalledTimes(1);
+            // Invalidate the token
+            await auth.invalidateCredentialsToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "invalidate-test-client",
+                    clientSecret: "test-secret",
+                },
+            });
+            // Next request should fetch a new token
+            await auth.resolveAuthToken({
+                credentials: {
+                    type: "client_credentials",
+                    clientId: "invalidate-test-client",
+                    clientSecret: "test-secret",
+                },
+                fetch: mockFetch,
+            });
+            expect(mockFetch).toHaveBeenCalledTimes(2);
+        });
+        it("should do nothing for string credentials", async () => {
+            // Should not throw
+            await auth.invalidateCredentialsToken({
+                credentials: "string-token",
+            });
+        });
+        it("should do nothing when no credentials provided", async () => {
+            // Should not throw
+            await auth.invalidateCredentialsToken({});
         });
     });
 });

package/dist/constants.d.ts

@@ -11,4 +11,18 @@ export declare const ZAPIER_BASE_URL: string;
  * Maximum number of items that can be requested per page across all paginated functions
  */
 export declare const MAX_PAGE_LIMIT = 10000;
+/**
+ * Credentials from environment variables
+ */
+export declare const ZAPIER_CREDENTIALS: string | undefined;
+export declare const ZAPIER_CREDENTIALS_CLIENT_ID: string | undefined;
+export declare const ZAPIER_CREDENTIALS_CLIENT_SECRET: string | undefined;
+export declare const ZAPIER_CREDENTIALS_BASE_URL: string | undefined;
+export declare const ZAPIER_CREDENTIALS_SCOPE: string | undefined;
+/**
+ * Deprecated environment variables (kept for backwards compatibility)
+ */
+export declare const ZAPIER_TOKEN: string | undefined;
+export declare const ZAPIER_AUTH_BASE_URL: string | undefined;
+export declare const ZAPIER_AUTH_CLIENT_ID: string | undefined;
 //# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,eAAO,MAAM,eAAe,QACyB,CAAC;AAEtD;;GAEG;AACH,eAAO,MAAM,cAAc,QAAQ,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,eAAO,MAAM,eAAe,QACyB,CAAC;AAEtD;;GAEG;AACH,eAAO,MAAM,cAAc,QAAQ,CAAC;AAEpC;;GAEG;AACH,eAAO,MAAM,kBAAkB,oBAAiC,CAAC;AACjE,eAAO,MAAM,4BAA4B,oBACC,CAAC;AAC3C,eAAO,MAAM,gCAAgC,oBACC,CAAC;AAC/C,eAAO,MAAM,2BAA2B,oBACC,CAAC;AAC1C,eAAO,MAAM,wBAAwB,oBAAuC,CAAC;AAE7E;;GAEG;AACH,eAAO,MAAM,YAAY,oBAA2B,CAAC;AACrD,eAAO,MAAM,oBAAoB,oBAAmC,CAAC;AACrE,eAAO,MAAM,qBAAqB,oBAAoC,CAAC"}

package/dist/constants.js

@@ -11,3 +11,17 @@ export const ZAPIER_BASE_URL = process.env.ZAPIER_BASE_URL || "https://zapier.co
  * Maximum number of items that can be requested per page across all paginated functions
  */
 export const MAX_PAGE_LIMIT = 10000;
+/**
+ * Credentials from environment variables
+ */
+export const ZAPIER_CREDENTIALS = process.env.ZAPIER_CREDENTIALS;
+export const ZAPIER_CREDENTIALS_CLIENT_ID = process.env.ZAPIER_CREDENTIALS_CLIENT_ID;
+export const ZAPIER_CREDENTIALS_CLIENT_SECRET = process.env.ZAPIER_CREDENTIALS_CLIENT_SECRET;
+export const ZAPIER_CREDENTIALS_BASE_URL = process.env.ZAPIER_CREDENTIALS_BASE_URL;
+export const ZAPIER_CREDENTIALS_SCOPE = process.env.ZAPIER_CREDENTIALS_SCOPE;
+/**
+ * Deprecated environment variables (kept for backwards compatibility)
+ */
+export const ZAPIER_TOKEN = process.env.ZAPIER_TOKEN;
+export const ZAPIER_AUTH_BASE_URL = process.env.ZAPIER_AUTH_BASE_URL;
+export const ZAPIER_AUTH_CLIENT_ID = process.env.ZAPIER_AUTH_CLIENT_ID;

package/dist/credentials.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Credentials Resolution
+ *
+ * This module provides the core logic for resolving credentials from various sources:
+ * - Explicit credentials option
+ * - Deprecated token option
+ * - Environment variables (new and deprecated)
+ * - CLI login stored tokens
+ */
+import type { Credentials, ResolvedCredentials } from "./types/credentials";
+/**
+ * Options for resolving credentials.
+ */
+export interface ResolveCredentialsOptions {
+    credentials?: Credentials;
+    /** @deprecated Use `credentials` instead */
+    token?: string;
+    /** SDK base URL - used to derive auth base URL if not specified in credentials */
+    baseUrl?: string;
+}
+/**
+ * Resolve credentials from environment variables.
+ *
+ * Precedence:
+ * 1. ZAPIER_CREDENTIALS (string token)
+ * 2. ZAPIER_CREDENTIALS_CLIENT_ID + ZAPIER_CREDENTIALS_CLIENT_SECRET (client credentials)
+ * 3. ZAPIER_CREDENTIALS_CLIENT_ID alone (PKCE)
+ * 4. Deprecated ZAPIER_TOKEN, ZAPIER_AUTH_* vars (with warnings)
+ *
+ * @param sdkBaseUrl - SDK base URL used to derive auth base URL if not specified
+ */
+export declare function resolveCredentialsFromEnv(sdkBaseUrl?: string): ResolvedCredentials | undefined;
+/**
+ * Resolve credentials from all possible sources.
+ *
+ * Precedence:
+ * 1. Explicit credentials option
+ * 2. Deprecated token option (with warning)
+ * 3. Environment variables
+ * 4. CLI login stored token (handled separately in auth.ts)
+ *
+ * If credentials is a function, it is called and must return
+ * a string or credentials object (not another function).
+ *
+ * The baseUrl option is used to derive the auth base URL if not
+ * specified in credentials.
+ */
+export declare function resolveCredentials(options?: ResolveCredentialsOptions): Promise<ResolvedCredentials | undefined>;
+/**
+ * Extract the base URL from credentials for use in auth flows.
+ */
+export declare function getBaseUrlFromCredentials(credentials: ResolvedCredentials | undefined): string | undefined;
+/**
+ * Extract the client ID from credentials for use in auth flows.
+ */
+export declare function getClientIdFromCredentials(credentials: ResolvedCredentials | undefined): string | undefined;
+//# sourceMappingURL=credentials.d.ts.map

package/dist/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,mBAAmB,EAEpB,MAAM,qBAAqB,CAAC;AAkB7B;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kFAAkF;IAClF,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AA2CD;;;;;;;;;;GAUG;AACH,wBAAgB,yBAAyB,CACvC,UAAU,CAAC,EAAE,MAAM,GAClB,mBAAmB,GAAG,SAAS,CAyDjC;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,GAAE,yBAA8B,GACtC,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC,CAkD1C;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,WAAW,EAAE,mBAAmB,GAAG,SAAS,GAC3C,MAAM,GAAG,SAAS,CAKpB;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,mBAAmB,GAAG,SAAS,GAC3C,MAAM,GAAG,SAAS,CAKpB"}