keri-ts 0.6.0 → 0.7.0

package/esm/cesr/mod.js

@@ -1,2 +1,3 @@
+/** cesr-ts npm package root entrypoint. */
 export * from "./src/index.js";
 export * from "./src/version.js";

package/esm/cesr/src/core/parser-frame-parser.js

@@ -242,6 +242,9 @@ export class FrameParser {
             };
         }
         catch (_error) {
+            // Non-native body groups wrap one Matter primitive. If Serder hydration
+            // fails, expose the primitive body bytes only; callers that inspect the
+            // fallback should not see the surrounding group counter envelope.
             const raw = matter.raw;
             return {
                 frame: {

package/esm/cesr/src/primitives/matter.js

@@ -41,6 +41,13 @@ function matterNameForCode(code) {
     }
     return name;
 }
+/**
+ * Select the concrete variable-length Matter code for the raw payload size.
+ *
+ * Variable families encode lead bytes and soft-size width in the selector
+ * itself. Normalizing once during construction keeps generated qb64/qb2 forms
+ * deterministic without leaking that sizing policy to primitive callers.
+ */
 function normalizeVariableMatterCode(code, raw) {
     const sizage = MATTER_SIZES.get(code);
     if (!sizage || sizage.fs !== null) {

package/esm/cesr/src/tables/counter.tables.generated.js

@@ -1,3 +1,4 @@
+export { COUNTER_HARDS } from "./hard-code-tables.js";
 export const COUNTER_SIZES_V1 = new Map([
     ["-_AAA", { hs: 5, ss: 3, fs: 8 }],
     ["--L", { hs: 3, ss: 5, fs: 8 }],
@@ -84,11 +85,6 @@ export const COUNTER_SIZES_V2 = new Map([
     ["-Y", { hs: 2, ss: 2, fs: 4 }],
     ["-Z", { hs: 2, ss: 2, fs: 4 }],
 ]);
-export const COUNTER_HARDS = new Map([
-    ..."ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".split("").map((c) => [`-${c}`, 2]),
-    ["--", 3],
-    ["-_", 5],
-]);
 export const COUNTER_CODE_NAMES_V1 = {
     "-_AAA": "KERIACDCGenusVersion",
     "--L": "BigPathedMaterialCouples",

package/esm/cesr/src/tables/hard-code-tables.js

@@ -0,0 +1,39 @@
+/**
+ * Source-owned hard-code size tables used by generated CESR lookup modules.
+ *
+ * KERIpy derives these ranges procedurally rather than listing them alongside
+ * the generated size/name dictionaries. Keeping them here avoids embedding
+ * static table literals inside the generator while preserving the public
+ * generated-module exports.
+ */
+/** Hard-code byte counts for Matter derivation code prefixes. */
+export const MATTER_HARDS = new Map([
+    ..."ABCDEFGHIJKLMNOPQRSTUVWXYZ".split("").map((c) => [c, 1]),
+    ..."abcdefghijklmnopqrstuvwxyz".split("").map((c) => [c, 1]),
+    ["0", 2],
+    ["1", 4],
+    ["2", 4],
+    ["3", 4],
+    ["4", 2],
+    ["5", 2],
+    ["6", 2],
+    ["7", 4],
+    ["8", 4],
+    ["9", 4],
+]);
+/** Hard-code byte counts for Indexer derivation code prefixes. */
+export const INDEXER_HARDS = new Map([
+    ..."ABCDEFGHIJKLMNOPQRSTUVWXYZ".split("").map((c) => [c, 1]),
+    ..."abcdefghijklmnopqrstuvwxyz".split("").map((c) => [c, 1]),
+    ["0", 2],
+    ["1", 2],
+    ["2", 2],
+    ["3", 2],
+    ["4", 2],
+]);
+/** Hard-code byte counts for Counter code prefixes. */
+export const COUNTER_HARDS = new Map([
+    ..."ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".split("").map((c) => [`-${c}`, 2]),
+    ["--", 3],
+    ["-_", 5],
+]);

package/esm/cesr/src/tables/indexer.tables.generated.js

@@ -1,3 +1,4 @@
+export { INDEXER_HARDS } from "./hard-code-tables.js";
 export const INDEXER_SIZES = new Map([
     ["0A", { hs: 2, ss: 2, os: 1, fs: 156, ls: 0 }],
     ["0B", { hs: 2, ss: 2, os: 1, fs: 156, ls: 0 }],
@@ -61,12 +62,3 @@ export const INDEXER_CODES_BY_NAME = {
     "TBD1": "1z",
     "TBD4": "4z",
 };
-export const INDEXER_HARDS = new Map([
-    ..."ABCDEFGHIJKLMNOPQRSTUVWXYZ".split("").map((c) => [c, 1]),
-    ..."abcdefghijklmnopqrstuvwxyz".split("").map((c) => [c, 1]),
-    ["0", 2],
-    ["1", 2],
-    ["2", 2],
-    ["3", 2],
-    ["4", 2],
-]);

package/esm/cesr/src/tables/matter.tables.generated.js

@@ -1,3 +1,4 @@
+export { MATTER_HARDS } from "./hard-code-tables.js";
 export const MATTER_SIZES = new Map([
     ["0A", { hs: 2, ss: 0, xs: 0, fs: 24, ls: 0 }],
     ["0B", { hs: 2, ss: 0, xs: 0, fs: 88, ls: 0 }],
@@ -334,17 +335,3 @@ export const MATTER_CODES_BY_NAME = {
     "X448": "L",
     "Yes": "1AAM",
 };
-export const MATTER_HARDS = new Map([
-    ..."ABCDEFGHIJKLMNOPQRSTUVWXYZ".split("").map((c) => [c, 1]),
-    ..."abcdefghijklmnopqrstuvwxyz".split("").map((c) => [c, 1]),
-    ["0", 2],
-    ["1", 4],
-    ["2", 4],
-    ["3", 4],
-    ["4", 2],
-    ["5", 2],
-    ["6", 2],
-    ["7", 4],
-    ["8", 4],
-    ["9", 4],
-]);

package/esm/cesr/src/version.js

@@ -1,11 +1,14 @@
 /**
- * Generated by scripts/generate_versions.ts.
- * Do not edit by hand.
+ * Template used by scripts/generate_versions.ts for package version modules.
+ *
+ * The generator token-replaces the string placeholders below, then formats and
+ * compares the rendered output during version checks. Do not edit generated
+ * `src/version.ts` files by hand; edit this template instead.
  */
 /** Package semantic version copied from the owning package manifest. */
-export const PACKAGE_VERSION = "0.6.0";
+export const PACKAGE_VERSION = "0.7.0";
 /** Optional build metadata stamp injected by release/CI workflows. */
-export const BUILD_METADATA = "build.9.11f27f1a6176caac7b15d7fba862023af598592f";
+export const BUILD_METADATA = "build.12.6aeea4790568f27066636c48ec39d2f098e3c26d";
 /** User-facing version string with build metadata appended when present. */
 export const DISPLAY_VERSION = BUILD_METADATA
     ? `${PACKAGE_VERSION}+${BUILD_METADATA}`

package/esm/keri/src/app/agent-runtime.js

@@ -5,7 +5,7 @@ import { Authenticator } from "./authenticating.js";
 import { loadChallengeHandlers } from "./challenging.js";
 import { cueDo, processCuesOnce } from "./cue-runtime.js";
 import { Anchorer, loadDelegationHandlers } from "./delegating.js";
-import { ForwardHandler, MailboxPoller, mailboxTopicForRoute, Poster } from "./forwarding.js";
+import { ForwardHandler, MailboxPoller, mailboxTopicForRoute, Poster, } from "./forwarding.js";
 import { MailboxDirector } from "./mailbox-director.js";
 import { openMailboxerForHabery } from "./mailboxing.js";
 import { Notifier, openNoterForHabery } from "./notifying.js";
@@ -13,6 +13,7 @@ import { isWellKnownOobiUrl, loadOobiHandlers, Oobiery, parseOobiUrl } from "./o
 import { QueryCoordinator } from "./querying.js";
 import { Reactor } from "./reactor.js";
 import { Respondant } from "./respondant.js";
+import { resolveRuntimeServices } from "./runtime-services.js";
 import { runtimeTurn } from "./runtime-turn.js";
 import { Signaler } from "./signaling.js";
 /**
@@ -26,6 +27,7 @@ import { Signaler } from "./signaling.js";
  */
 export function* createAgentRuntime(hby, options = {}) {
     const mode = options.mode ?? "local";
+    const services = resolveRuntimeServices(options.services);
     const enableMailboxStore = options.enableMailboxStore ?? mode === "indirect";
     const mailboxer = options.mailboxer
         ?? (enableMailboxStore ? (yield* openMailboxerForHabery(hby)) : null);
@@ -47,7 +49,7 @@ export function* createAgentRuntime(hby, options = {}) {
     loadDelegationHandlers(hby, reactor.exchanger, notifier);
     loadOobiHandlers(hby, reactor.exchanger, notifier);
     const mailboxDirector = new MailboxDirector(hby, mailboxer ? { mailboxer } : {});
-    const poster = new Poster(hby, { mailboxer });
+    const poster = new Poster(hby, { mailboxer, services });
     const respondant = new Respondant(hby, { poster, mailboxDirector });
     if (mailboxer) {
         reactor.exchanger.addHandler(new ForwardHandler(mailboxDirector));
@@ -61,7 +63,10 @@ export function* createAgentRuntime(hby, options = {}) {
             mailboxDirector.registerTopic(topic);
         }
     }
-    const mailboxPoller = new MailboxPoller(hby, mailboxDirector);
+    const mailboxPoller = new MailboxPoller(hby, mailboxDirector, {
+        services,
+        pollTransport: options.mailboxPollTransport,
+    });
     for (const topic of [
         DELEGATE_MAILBOX_TOPIC,
         RECEIPT_MAILBOX_TOPIC,
@@ -72,9 +77,9 @@ export function* createAgentRuntime(hby, options = {}) {
     }
     const querying = new QueryCoordinator(hby);
     const delegating = new Anchorer(hby, { poster, querying });
-    const oobiery = new Oobiery(hby, reactor, { cues });
+    const oobiery = new Oobiery(hby, reactor, { cues, services });
     oobiery.registerReplyRoutes(reactor.router);
-    const authenticator = new Authenticator(hby);
+    const authenticator = new Authenticator(hby, { services });
     return {
         hby,
         mode,
@@ -92,6 +97,7 @@ export function* createAgentRuntime(hby, options = {}) {
         poster,
         delegating,
         querying,
+        services,
         *close() {
             if (ownsNoter && noter?.opened) {
                 yield* noter.close();

package/esm/keri/src/app/authenticating.js

@@ -1,6 +1,7 @@
 import { closeResponseBody, fetchResponseHandle } from "./httping.js";
 import { isWellKnownOobiUrl, parseOobiUrl } from "./oobiery.js";
 import { persistResolvedContact } from "./organizing.js";
+import { defaultRuntimeServices } from "./runtime-services.js";
 import { runtimeTurn } from "./runtime-turn.js";
 /**
  * Well-known OOBI authenticator for one `Habery`.
@@ -16,14 +17,22 @@ import { runtimeTurn } from "./runtime-turn.js";
  * - `wkas.` records successful `(cid, url)` authorizations
  */
 export class Authenticator {
-    constructor(hby) {
+    constructor(hby, options = {}) {
         Object.defineProperty(this, "hby", {
             enumerable: true,
             configurable: true,
             writable: true,
             value: void 0
         });
+        Object.defineProperty(this, "services", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        const { services = defaultRuntimeServices } = options;
         this.hby = hby;
+        this.services = services;
     }
     /** Process one bounded auth step if queued well-known work exists. */
     *processOnce() {
@@ -94,7 +103,7 @@ export class Authenticator {
         const cid = record.cid
             ?? parseOobiUrl(url, record.oobialias ?? undefined).cid
             ?? null;
-        const response = yield* fetchAuthResponse(url);
+        const response = yield* fetchAuthResponse(url, this.services);
         const date = new Date().toISOString();
         const state = response.ok ? "resolved" : `http-${response.status}`;
         yield* closeResponseBody(response);
@@ -114,7 +123,9 @@ export class Authenticator {
         }
     }
 }
-function* fetchAuthResponse(url) {
-    const { response } = yield* fetchResponseHandle(url);
+function* fetchAuthResponse(url, services = defaultRuntimeServices) {
+    const { response } = yield* fetchResponseHandle(url, {}, {
+        services,
+    });
     return response;
 }

package/esm/keri/src/app/cli/delegate.js

@@ -1,3 +1,16 @@
+/**
+ * Delegator-side CLI approval for pending delegated events.
+ *
+ * KERIpy correspondence:
+ * - this is the bounded command analogue of KLI's delegation approval flow
+ * - pending work is discovered from durable `delegables.` escrow, not from
+ *   controller notifications
+ *
+ * Maintainer rule:
+ * - `/delegate/request` notifications are UI hints only
+ * - approval ordering and event selection come from the delegated-event escrows
+ *   and the delegator's own KEL state
+ */
 import { spawn } from "effection";
 import { Diger } from "../../../../cesr/mod.js";
 import { ValidationError } from "../../core/errors.js";
@@ -7,6 +20,7 @@ import { createAgentRuntime, processRuntimeTurn, processRuntimeUntil, } from "..
 import { queryTransportSink } from "../query-transport.js";
 import { WitnessReceiptor } from "../witnessing.js";
 import { setupHby } from "./common/existing.js";
+/** Build witness auth payloads from CLI `<witness>:<code>` inputs. */
 function resolveWitnessAuths(witnesses, codes, codeTime, promptMissing = false) {
     const timestamp = codeTime ?? makeNowIso8601();
     const auths = {};
@@ -33,6 +47,7 @@ function resolveWitnessAuths(witnesses, codes, codeTime, promptMissing = false)
     }
     return auths;
 }
+/** Return pending delegated events for one local delegator, oldest first. */
 function pendingDelegations(hby, delegatorPre) {
     const pending = [];
     for (const [keys, said] of hby.db.delegables.getTopItemIter()) {
@@ -52,6 +67,7 @@ function pendingDelegations(hby, delegatorPre) {
     }
     return pending.sort((left, right) => (left.sn ?? 0) - (right.sn ?? 0));
 }
+/** Determine the delegator prefix for `dip` or `drt` escrow material. */
 function delegationSourcePrefix(hby, serder, pre) {
     if (serder.delpre) {
         return serder.delpre;
@@ -63,12 +79,14 @@ function delegationSourcePrefix(hby, serder, pre) {
     return hby.db.getKever(delegatedPre)?.delpre
         ?? hby.db.getState(delegatedPre)?.di;
 }
+/** Project a delegated event into the seal embedded by the approving event. */
 function anchorData(serder) {
     if (!serder.pre || !serder.snh || !serder.said) {
         throw new ValidationError("Delegated event is missing pre, sn, or said.");
     }
     return { i: serder.pre, s: serder.snh, d: serder.said };
 }
+/** Resolve delegate witnesses for either delegated inception or rotation. */
 function delegateWitnesses(hby, serder) {
     if ((serder.sn ?? 0) === 0) {
         return [...serder.backs];
@@ -78,6 +96,7 @@ function delegateWitnesses(hby, serder) {
     }
     return [...(hby.db.getKever(serder.pre)?.wits ?? [])];
 }
+/** Return true once the delegated event has left escrow and reached local state. */
 function delegateCommitted(hby, serder) {
     if (!serder.pre) {
         return false;
@@ -85,6 +104,7 @@ function delegateCommitted(hby, serder) {
     const kever = hby.db.getKever(serder.pre);
     return kever !== undefined && kever !== null && kever.sn >= (serder.sn ?? 0);
 }
+/** Build a witness log query used to pull delegate-side completion material. */
 function delegateWitnessLogsQuery(hab, serder, witness) {
     if (!serder.pre || !serder.snh) {
         throw new ValidationError("Delegated event is missing pre or sn for query.");
@@ -103,6 +123,7 @@ function delegateWitnessLogsQuery(hab, serder, witness) {
         msgs: [hab.query(serder.pre, witness, query, "logs")],
     };
 }
+/** Route query cues through query transport and other cues through Respondant. */
 function delegateConfirmSink(runtime, hby, hab) {
     const querySink = queryTransportSink(runtime, hby, hab);
     return {
@@ -115,6 +136,7 @@ function delegateConfirmSink(runtime, hby, hab) {
         },
     };
 }
+/** Approve pending delegated events for the selected local delegator habitat. */
 export function* delegateConfirmCommand(args) {
     const confirmArgs = {
         name: args.name,
@@ -166,6 +188,9 @@ export function* delegateConfirmCommand(args) {
                 const selected = confirmArgs.auto ? pending : [pending[0]];
                 for (const serder of selected) {
                     const anchor = anchorData(serder);
+                    // KERIpy permits either interaction or rotation approval. Keep this
+                    // explicit because the chosen approving event type affects later
+                    // replay, but the embedded anchor seal is the same.
                     if (interactionApproval) {
                         hab.interact({ data: [anchor] });
                     }
@@ -193,6 +218,9 @@ export function* delegateConfirmCommand(args) {
                     const witnesses = delegateWitnesses(hby, serder).sort();
                     const selectedWitness = witnesses[0];
                     if (selectedWitness) {
+                        // Witnessed delegates must prove the delegated event is committed
+                        // locally before we pin `aess.` and retry delegated unescrow. Doing
+                        // it earlier can make local state look approved but incomplete.
                         yield* sink.send(delegateWitnessLogsQuery(hab, serder, selectedWitness));
                         yield* processRuntimeUntil(runtime, () => delegateCommitted(hby, serder), { hab, maxTurns: 128, pollMailbox: true, sink });
                     }

package/esm/keri/src/app/cli/notifications.js

@@ -13,6 +13,7 @@ function requireRid(rid) {
     }
     return rid;
 }
+/** Open the signed notification facade for one CLI invocation. */
 function* openNotifier(args) {
     const hby = yield* setupHby(requireName(args.name), args.base ?? "", args.passcode, false, args.headDirPath, {
         compat: args.compat ?? false,
@@ -26,6 +27,7 @@ function* openNotifier(args) {
         notifier: new Notifier(hby, { noter }),
     };
 }
+/** Print verified local controller notices as JSON for operator inspection. */
 export function* notificationsListCommand(args) {
     const commandArgs = {
         name: args.name,
@@ -60,6 +62,7 @@ export function* notificationsListCommand(args) {
         yield* hby.close();
     }
 }
+/** Mark one verified notice as read and persist its new detached signature. */
 export function* notificationsMarkReadCommand(args) {
     const commandArgs = {
         name: args.name,
@@ -82,6 +85,7 @@ export function* notificationsMarkReadCommand(args) {
         yield* hby.close();
     }
 }
+/** Remove one verified notice from the notification sidecar. */
 export function* notificationsRemoveCommand(args) {
     const commandArgs = {
         name: args.name,

package/esm/keri/src/app/delegating.js

@@ -6,6 +6,7 @@ import { dgKey } from "../db/core/keys.js";
 import { eventPayloadMessage, eventReplayMessage } from "./habbing.js";
 import { sendWitnessMessage } from "./witnessing.js";
 export const DELEGATE_REQUEST_ROUTE = "/delegate/request";
+/** Runtime passes to wait between repeated delegator-witness anchor queries. */
 const DELEGATION_ANCHOR_QUERY_RETRY_PASSES = 8;
 function eventKey(serder) {
     const pre = serder.pre;
@@ -15,12 +16,14 @@ function eventKey(serder) {
     }
     return [pre, snh];
 }
+/** Build the anchor seal shape a delegator must embed in its approving event. */
 function eventAnchor(serder) {
     if (!serder.pre || !serder.snh || !serder.said) {
         throw new ValidationError("Delegated approval anchor requires pre, sn, and said.");
     }
     return { i: serder.pre, s: serder.snh, d: serder.said };
 }
+/** Resolve the local habitat that owns the delegated event being processed. */
 function workflowHab(hby, serder) {
     const pre = serder.pre;
     if (!pre) {
@@ -61,6 +64,7 @@ function escrowContext(keys, serder) {
     }
     return [keys, serder, pre, said, snh];
 }
+/** Persist the delegator event seal that authorizes one delegated event. */
 function pinAuthorizingSeal(hby, delegated, delegating) {
     const pre = delegated.pre;
     const said = delegated.said;
@@ -84,12 +88,14 @@ function witnessReceiptsComplete(hby, serder) {
     }
     return hby.db.wigs.get(dgKey(pre, said)).length >= kever.wits.length;
 }
+/** Resolve the delegator prefix from event material or accepted delegated state. */
 function delegatedWorkflowDelpre(hby, serder, hab) {
     if (serder.delpre) {
         return serder.delpre;
     }
     return (hab ?? workflowHab(hby, serder)).kever?.delpre ?? null;
 }
+/** Return the local delegator event that contains the delegated event seal. */
 function approvingEvent(hby, serder, hab) {
     const delpre = delegatedWorkflowDelpre(hby, serder, hab);
     return delpre
@@ -113,6 +119,7 @@ export function resolveDelegationCommunicationHab(hby, alias) {
     }
     return hab;
 }
+/** Install delegation-specific EXN handlers into one exchange router. */
 export function loadDelegationHandlers(hby, exchanger, notifier = null) {
     exchanger.addHandler(new DelegateRequestHandler(hby, notifier));
 }
@@ -165,6 +172,7 @@ export class DelegateRequestHandler {
             && typeof embeds?.["evt"] === "object"
             && embeds?.["evt"] !== null;
     }
+    /** Store a signed controller notification when this request targets a local delegator. */
     handle(args) {
         if (!this.notifier) {
             return;
@@ -282,6 +290,7 @@ export class Anchorer {
             this.communicationHabPins.delete(id);
         }
     }
+    /** Begin workflow processing from the currently accepted event for an AID. */
     beginLatest(pre, sn, options = {}) {
         const kever = this.hby.db.getKever(pre);
         if (!kever) {
@@ -299,6 +308,7 @@ export class Anchorer {
         this.begin(serder, options);
         return serder;
     }
+    /** Return the current durable workflow phase without mutating escrow state. */
     workflowStatus(pre, snh) {
         const key = [pre, snh];
         const serder = this.hby.db.dpwe.get(key)
@@ -323,6 +333,7 @@ export class Anchorer {
             complete: completed,
         };
     }
+    /** Return true after the delegated event has been durably completed. */
     complete(pre, sn) {
         const snNum = typeof sn === "number" ? sn : parseInt(sn, 16);
         if (!Number.isInteger(snNum) || snNum < 0) {
@@ -340,6 +351,7 @@ export class Anchorer {
         }
         return false;
     }
+    /** Process all delegation escrow families once in KERIpy-compatible order. */
     *processAllOnce() {
         const results = [];
         for (const [keys, serder] of [...this.hby.db.dpwe.getTopItemIter()]) {
@@ -405,6 +417,9 @@ export class Anchorer {
                 reason: "Delegate witness receipts are not converged yet.",
             };
         }
+        // Do not ask the delegator to approve until the delegate's own witnesses
+        // have receipted the event. That preserves the KERIpy approval ordering
+        // and avoids anchoring an event the delegate cannot yet complete.
         const message = eventPayloadMessage(this.hby, serder);
         yield* this.poster.sendExchange(communicationHab, {
             recipient: delpre,
@@ -475,6 +490,9 @@ export class Anchorer {
                 reason: this.retryDelegatorWitnessQuery(serder, communicationHab),
             };
         }
+        // The approving event is authoritative only after the delegator's sealing
+        // event is learned locally; pinning `aess.` is what lets delegated unescrow
+        // and later reopen paths prove the authorization.
         pinAuthorizingSeal(this.hby, serder, delegating);
         this.hby.db.dune.rem(keys);
         if ((hab.kever?.wits.length ?? 0) === 0) {
@@ -548,6 +566,7 @@ export class Anchorer {
         // immediately enqueueing the same query again.
         this.anchorQueryRetryPasses.set(id, -1);
     }
+    /** Retry bounded delegator-witness queries while waiting for the anchor. */
     retryDelegatorWitnessQuery(serder, communicationHab) {
         const id = workflowId(serder);
         const delpre = delegatedWorkflowDelpre(this.hby, serder);
@@ -605,6 +624,8 @@ export class Anchorer {
         if (!kever) {
             throw new ValidationError(`Delegation witness publication: missing accepted key state for ${pre}.`);
         }
+        // Publish the delegator chain first, then replay the approving event. This
+        // matches the witness-visible material KERIpy sends for delegated approval.
         for (const msg of this.hby.db.cloneDelegation(kever)) {
             for (const witness of kever.wits) {
                 yield* sendWitnessMessage(hab, witness, msg);