morpheus-cli 0.6.5 → 0.6.6

package/README.md

@@ -82,8 +82,11 @@ Minimal `env.docker`:
 ```env
 OPENAI_API_KEY=sk-...
 THE_ARCHITECT_PASS=changeme
+MORPHEUS_SECRET=<generate-a-random-secret>
 ```
 
+> **Tip:** Generate a secure `MORPHEUS_SECRET` with: `openssl rand -base64 32` or `node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"`
+
 **2. Run:**
 
 ```bash
@@ -121,6 +124,7 @@ docker run -d \
   -p 3333:3333 \
   -e OPENAI_API_KEY=sk-... \
   -e THE_ARCHITECT_PASS=changeme \
+  -e MORPHEUS_SECRET=<generate-a-random-secret> \
   -v morpheus_data:/root/.morpheus \
   morpheus
 ```
@@ -133,6 +137,7 @@ docker run -d \
   -p 3333:3333 \
   -e OPENAI_API_KEY=sk-... \
   -e THE_ARCHITECT_PASS=changeme \
+  -e MORPHEUS_SECRET=<generate-a-random-secret> \
   -e MORPHEUS_TELEGRAM_ENABLED=true \
   -e MORPHEUS_TELEGRAM_TOKEN=<bot-token> \
   -e MORPHEUS_TELEGRAM_ALLOWED_USERS=123456789 \
@@ -148,6 +153,7 @@ docker run -d \
   -p 3333:3333 \
   -e OPENAI_API_KEY=sk-... \
   -e THE_ARCHITECT_PASS=changeme \
+  -e MORPHEUS_SECRET=<generate-a-random-secret> \
   -e MORPHEUS_DISCORD_ENABLED=true \
   -e MORPHEUS_DISCORD_TOKEN=<bot-token> \
   -e MORPHEUS_DISCORD_ALLOWED_USERS=987654321 \
@@ -365,7 +371,7 @@ Provider-specific keys:
 - `THE_ARCHITECT_PASS`
 
 Security:
-- `MORPHEUS_SECRET` — AES-256-GCM key for encrypting Trinity database passwords (required when using Trinity)
+- `MORPHEUS_SECRET` — AES-256-GCM encryption key for Trinity database passwords and agent API keys. When set, all API keys saved via UI or config file are automatically encrypted at rest.
 
 Generic Morpheus overrides (selected):
 

package/dist/channels/discord.js

@@ -7,6 +7,7 @@ import { SQLiteChatMessageHistory } from '../runtime/memory/sqlite.js';
 import { DisplayManager } from '../runtime/display.js';
 import { ConfigManager } from '../config/manager.js';
 import { createTelephonist } from '../runtime/telephonist.js';
+import { getUsableApiKey } from '../runtime/trinity-crypto.js';
 // ─── Slash Command Definitions ────────────────────────────────────────────────
 const SLASH_COMMANDS = [
     new SlashCommandBuilder()
@@ -219,8 +220,8 @@ export class DiscordAdapter {
             await channel.send('Audio transcription is currently disabled.');
             return;
         }
-        const apiKey = config.audio.apiKey ||
-            (config.llm.provider === config.audio.provider ? config.llm.api_key : undefined);
+        const apiKey = getUsableApiKey(config.audio.apiKey) ||
+            (config.llm.provider === config.audio.provider ? getUsableApiKey(config.llm.api_key) : undefined);
         if (!apiKey) {
             this.display.log(`Audio transcription failed: No API key for provider '${config.audio.provider}'`, { source: 'Telephonist', level: 'error' });
             await channel.send(`Audio transcription requires an API key for provider '${config.audio.provider}'.`);

package/dist/channels/telegram.js

@@ -8,6 +8,7 @@ import { spawn } from 'child_process';
 import { ConfigManager } from '../config/manager.js';
 import { DisplayManager } from '../runtime/display.js';
 import { createTelephonist } from '../runtime/telephonist.js';
+import { getUsableApiKey } from '../runtime/trinity-crypto.js';
 import { readPid, isProcessRunning, checkStalePid } from '../runtime/lifecycle.js';
 import { SQLiteChatMessageHistory } from '../runtime/memory/sqlite.js';
 import { SatiRepository } from '../runtime/memory/sati/repository.js';
@@ -281,8 +282,8 @@ export class TelegramAdapter {
                     await ctx.reply("Audio transcription is currently disabled.");
                     return;
                 }
-                const apiKey = config.audio.apiKey ||
-                    (config.llm.provider === config.audio.provider ? config.llm.api_key : undefined);
+                const apiKey = getUsableApiKey(config.audio.apiKey) ||
+                    (config.llm.provider === config.audio.provider ? getUsableApiKey(config.llm.api_key) : undefined);
                 if (!apiKey) {
                     this.display.log(`Audio transcription failed: No API key available for provider '${config.audio.provider}'`, { source: 'Telephonist', level: 'error' });
                     await ctx.reply(`Audio transcription requires an API key for provider '${config.audio.provider}'. Please configure \`audio.apiKey\` or use the same provider as your LLM.`);

package/dist/cli/commands/start.js

@@ -1,6 +1,7 @@
 import { Command } from 'commander';
 import chalk from 'chalk';
 import fs from 'fs-extra';
+import path from 'path';
 import { confirm } from '@inquirer/prompts';
 import { scaffold } from '../../runtime/scaffold.js';
 import { DisplayManager } from '../../runtime/display.js';
@@ -21,6 +22,35 @@ import { TaskWorker } from '../../runtime/tasks/worker.js';
 import { TaskNotifier } from '../../runtime/tasks/notifier.js';
 import { ChronosWorker } from '../../runtime/chronos/worker.js';
 import { ChronosRepository } from '../../runtime/chronos/repository.js';
+// Load .env file explicitly in start command
+const envPath = path.join(process.cwd(), '.env');
+if (fs.existsSync(envPath)) {
+    try {
+        const envConfig = fs.readFileSync(envPath, 'utf-8');
+        envConfig.split('\n').forEach(line => {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith('#'))
+                return;
+            const match = trimmed.match(/^([^=]+)=(.*)$/);
+            if (match) {
+                const key = match[1].trim();
+                let value = match[2].trim();
+                // Remove quotes if present
+                if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
+                    value = value.slice(1, -1);
+                }
+                // Don't overwrite existing env vars
+                if (!process.env[key]) {
+                    process.env[key] = value;
+                }
+            }
+        });
+        console.log('[DEBUG] Loaded .env file from:', envPath);
+    }
+    catch (err) {
+        console.error('[WARN] Failed to load .env:', err);
+    }
+}
 export const startCommand = new Command('start')
     .description('Start the Morpheus agent')
     .option('--ui', 'Enable web UI', true)

package/dist/config/manager.js

@@ -6,6 +6,8 @@ import { setByPath } from './utils.js';
 import { ConfigSchema } from './schemas.js';
 import { migrateConfigFile } from '../runtime/migration.js';
 import { resolveApiKey, resolveModel, resolveNumeric, resolveString, resolveBoolean, resolveProvider, resolveStringArray } from './precedence.js';
+import { encrypt, safeDecrypt, looksLikeEncrypted, canEncrypt } from '../runtime/trinity-crypto.js';
+import { DisplayManager } from '../runtime/display.js';
 export class ConfigManager {
     static instance;
     config = DEFAULT_CONFIG;
@@ -16,6 +18,89 @@ export class ConfigManager {
         }
         return ConfigManager.instance;
     }
+    /**
+     * Decrypts API keys in config if they appear to be encrypted.
+     * Fail-open: returns original value if decryption fails.
+     */
+    decryptAgentApiKeys(config) {
+        const decrypted = { ...config };
+        // Helper to decrypt a single key
+        const tryDecrypt = (apiKey) => {
+            if (!apiKey)
+                return undefined;
+            if (!looksLikeEncrypted(apiKey))
+                return apiKey;
+            const decrypted = safeDecrypt(apiKey);
+            return decrypted ?? apiKey; // Return original if decryption fails
+        };
+        // Decrypt Oracle/LLM
+        if (decrypted.llm.api_key) {
+            decrypted.llm = { ...decrypted.llm, api_key: tryDecrypt(decrypted.llm.api_key) };
+        }
+        // Decrypt Sati
+        if (decrypted.sati?.api_key) {
+            decrypted.sati = { ...decrypted.sati, api_key: tryDecrypt(decrypted.sati.api_key) };
+        }
+        // Decrypt Apoc
+        if (decrypted.apoc?.api_key) {
+            decrypted.apoc = { ...decrypted.apoc, api_key: tryDecrypt(decrypted.apoc.api_key) };
+        }
+        // Decrypt Neo
+        if (decrypted.neo?.api_key) {
+            decrypted.neo = { ...decrypted.neo, api_key: tryDecrypt(decrypted.neo.api_key) };
+        }
+        // Decrypt Trinity
+        if (decrypted.trinity?.api_key) {
+            decrypted.trinity = { ...decrypted.trinity, api_key: tryDecrypt(decrypted.trinity.api_key) };
+        }
+        // Decrypt Audio (Telephonist)
+        if (decrypted.audio?.apiKey) {
+            decrypted.audio = { ...decrypted.audio, apiKey: tryDecrypt(decrypted.audio.apiKey) };
+        }
+        return decrypted;
+    }
+    /**
+     * Encrypts API keys in config if MORPHEUS_SECRET is set.
+     */
+    encryptAgentApiKeys(config) {
+        if (!canEncrypt())
+            return config;
+        const encrypted = { ...config };
+        // Helper to encrypt a single key
+        const tryEncrypt = (apiKey) => {
+            if (!apiKey)
+                return undefined;
+            // Don't double-encrypt
+            if (looksLikeEncrypted(apiKey))
+                return apiKey;
+            return encrypt(apiKey);
+        };
+        // Encrypt Oracle/LLM
+        if (encrypted.llm.api_key) {
+            encrypted.llm = { ...encrypted.llm, api_key: tryEncrypt(encrypted.llm.api_key) };
+        }
+        // Encrypt Sati
+        if (encrypted.sati?.api_key) {
+            encrypted.sati = { ...encrypted.sati, api_key: tryEncrypt(encrypted.sati.api_key) };
+        }
+        // Encrypt Apoc
+        if (encrypted.apoc?.api_key) {
+            encrypted.apoc = { ...encrypted.apoc, api_key: tryEncrypt(encrypted.apoc.api_key) };
+        }
+        // Encrypt Neo
+        if (encrypted.neo?.api_key) {
+            encrypted.neo = { ...encrypted.neo, api_key: tryEncrypt(encrypted.neo.api_key) };
+        }
+        // Encrypt Trinity
+        if (encrypted.trinity?.api_key) {
+            encrypted.trinity = { ...encrypted.trinity, api_key: tryEncrypt(encrypted.trinity.api_key) };
+        }
+        // Encrypt Audio (Telephonist)
+        if (encrypted.audio?.apiKey) {
+            encrypted.audio = { ...encrypted.audio, apiKey: tryEncrypt(encrypted.audio.apiKey) };
+        }
+        return encrypted;
+    }
     async load() {
         try {
             await migrateConfigFile();
@@ -222,9 +307,16 @@ export class ConfigManager {
     }
     async save(newConfig) {
         // Deep merge or overwrite? simpler to overwrite for now or merge top level
-        const updated = { ...this.config, ...newConfig };
+        let updated = { ...this.config, ...newConfig };
+        // Encrypt API keys before saving if MORPHEUS_SECRET is set
+        updated = this.encryptAgentApiKeys(updated);
         // Validate before saving
         const valid = ConfigSchema.parse(updated);
+        // Warn if saving without encryption
+        if (!canEncrypt()) {
+            const display = DisplayManager.getInstance();
+            display.log('API keys saved in PLAINTEXT. Set MORPHEUS_SECRET environment variable to enable AES-256-GCM encryption.', { source: 'ConfigManager', level: 'warning' });
+        }
         await fs.ensureDir(PATHS.root);
         await fs.writeFile(PATHS.config, yaml.dump(valid), 'utf8');
         this.config = valid;
@@ -285,4 +377,28 @@ export class ConfigManager {
         }
         return defaults;
     }
+    /**
+     * Returns encryption status for all agent API keys.
+     */
+    getEncryptionStatus() {
+        const checkKey = (apiKey) => {
+            if (!apiKey)
+                return true; // No key = not plaintext
+            return looksLikeEncrypted(apiKey);
+        };
+        const apiKeysEncrypted = {
+            oracle: checkKey(this.config.llm.api_key),
+            sati: checkKey(this.config.sati?.api_key),
+            neo: checkKey(this.config.neo?.api_key),
+            apoc: checkKey(this.config.apoc?.api_key),
+            trinity: checkKey(this.config.trinity?.api_key),
+            audio: checkKey(this.config.audio?.apiKey),
+        };
+        const hasPlaintextKeys = Object.values(apiKeysEncrypted).some(encrypted => !encrypted);
+        return {
+            morpheusSecretSet: canEncrypt(),
+            apiKeysEncrypted,
+            hasPlaintextKeys,
+        };
+    }
 }

package/dist/config/precedence.js

@@ -136,3 +136,110 @@ export function resolveProvider(genericEnvVar, configFileValue, defaultValue) {
     }
     return defaultValue;
 }
+/**
+ * Check if a configuration value is being overridden by an environment variable.
+ * Returns true if the value comes from an environment variable (either provider-specific or generic).
+ */
+export function isOverriddenByEnv(provider, genericEnvVar, configFileValue) {
+    const providerSpecificVars = {
+        'openai': 'OPENAI_API_KEY',
+        'anthropic': 'ANTHROPIC_API_KEY',
+        'openrouter': 'OPENROUTER_API_KEY',
+        'ollama': '',
+        'gemini': 'GOOGLE_API_KEY'
+    };
+    const providerSpecificVar = providerSpecificVars[provider];
+    // Check if provider-specific variable is set
+    if (providerSpecificVar && process.env[providerSpecificVar]) {
+        return true;
+    }
+    // Check if generic variable is set
+    if (process.env[genericEnvVar]) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Check if a generic configuration value is being overridden by an environment variable.
+ */
+export function isEnvVarSet(envVarName) {
+    return process.env[envVarName] !== undefined && process.env[envVarName] !== '';
+}
+/**
+ * Get list of all active environment variable overrides for agent configurations.
+ */
+export function getActiveEnvOverrides() {
+    const overrides = {};
+    // LLM/Oracle
+    if (isEnvVarSet('MORPHEUS_LLM_PROVIDER'))
+        overrides['llm.provider'] = true;
+    if (isEnvVarSet('MORPHEUS_LLM_MODEL'))
+        overrides['llm.model'] = true;
+    if (isEnvVarSet('MORPHEUS_LLM_TEMPERATURE'))
+        overrides['llm.temperature'] = true;
+    if (isEnvVarSet('MORPHEUS_LLM_MAX_TOKENS'))
+        overrides['llm.max_tokens'] = true;
+    if (isEnvVarSet('MORPHEUS_LLM_API_KEY'))
+        overrides['llm.api_key'] = true;
+    if (isEnvVarSet('MORPHEUS_LLM_CONTEXT_WINDOW'))
+        overrides['llm.context_window'] = true;
+    // Provider-specific API keys
+    if (isEnvVarSet('OPENAI_API_KEY'))
+        overrides['llm.api_key_openai'] = true;
+    if (isEnvVarSet('ANTHROPIC_API_KEY'))
+        overrides['llm.api_key_anthropic'] = true;
+    if (isEnvVarSet('GOOGLE_API_KEY'))
+        overrides['llm.api_key_gemini'] = true;
+    if (isEnvVarSet('OPENROUTER_API_KEY'))
+        overrides['llm.api_key_openrouter'] = true;
+    // Sati
+    if (isEnvVarSet('MORPHEUS_SATI_PROVIDER'))
+        overrides['sati.provider'] = true;
+    if (isEnvVarSet('MORPHEUS_SATI_MODEL'))
+        overrides['sati.model'] = true;
+    if (isEnvVarSet('MORPHEUS_SATI_TEMPERATURE'))
+        overrides['sati.temperature'] = true;
+    if (isEnvVarSet('MORPHEUS_SATI_API_KEY'))
+        overrides['sati.api_key'] = true;
+    // Neo
+    if (isEnvVarSet('MORPHEUS_NEO_PROVIDER'))
+        overrides['neo.provider'] = true;
+    if (isEnvVarSet('MORPHEUS_NEO_MODEL'))
+        overrides['neo.model'] = true;
+    if (isEnvVarSet('MORPHEUS_NEO_TEMPERATURE'))
+        overrides['neo.temperature'] = true;
+    if (isEnvVarSet('MORPHEUS_NEO_API_KEY'))
+        overrides['neo.api_key'] = true;
+    // Apoc
+    if (isEnvVarSet('MORPHEUS_APOC_PROVIDER'))
+        overrides['apoc.provider'] = true;
+    if (isEnvVarSet('MORPHEUS_APOC_MODEL'))
+        overrides['apoc.model'] = true;
+    if (isEnvVarSet('MORPHEUS_APOC_TEMPERATURE'))
+        overrides['apoc.temperature'] = true;
+    if (isEnvVarSet('MORPHEUS_APOC_API_KEY'))
+        overrides['apoc.api_key'] = true;
+    if (isEnvVarSet('MORPHEUS_APOC_WORKING_DIR'))
+        overrides['apoc.working_dir'] = true;
+    if (isEnvVarSet('MORPHEUS_APOC_TIMEOUT_MS'))
+        overrides['apoc.timeout_ms'] = true;
+    // Trinity
+    if (isEnvVarSet('MORPHEUS_TRINITY_PROVIDER'))
+        overrides['trinity.provider'] = true;
+    if (isEnvVarSet('MORPHEUS_TRINITY_MODEL'))
+        overrides['trinity.model'] = true;
+    if (isEnvVarSet('MORPHEUS_TRINITY_TEMPERATURE'))
+        overrides['trinity.temperature'] = true;
+    if (isEnvVarSet('MORPHEUS_TRINITY_API_KEY'))
+        overrides['trinity.api_key'] = true;
+    // Audio
+    if (isEnvVarSet('MORPHEUS_AUDIO_PROVIDER'))
+        overrides['audio.provider'] = true;
+    if (isEnvVarSet('MORPHEUS_AUDIO_MODEL'))
+        overrides['audio.model'] = true;
+    if (isEnvVarSet('MORPHEUS_AUDIO_API_KEY'))
+        overrides['audio.apiKey'] = true;
+    if (isEnvVarSet('MORPHEUS_AUDIO_MAX_DURATION'))
+        overrides['audio.maxDurationSeconds'] = true;
+    return overrides;
+}

package/dist/http/api.js

@@ -18,6 +18,7 @@ import { Trinity } from '../runtime/trinity.js';
 import { ChronosRepository } from '../runtime/chronos/repository.js';
 import { ChronosWorker } from '../runtime/chronos/worker.js';
 import { createChronosJobRouter, createChronosConfigRouter } from './routers/chronos.js';
+import { getActiveEnvOverrides } from '../config/precedence.js';
 async function readLastLines(filePath, n) {
     try {
         const content = await fs.readFile(filePath, 'utf8');
@@ -813,6 +814,34 @@ export function createApiRouter(oracle, chronosWorker) {
             res.status(500).json({ error: error.message });
         }
     });
+    // ─── Encryption Status ─────────────────────────────────────────────────────
+    router.get('/config/encryption-status', (req, res) => {
+        try {
+            const status = configManager.getEncryptionStatus();
+            res.json(status);
+        }
+        catch (error) {
+            res.status(500).json({ error: error.message });
+        }
+    });
+    // ─── Environment Variable Overrides ────────────────────────────────────────
+    router.get('/config/env-overrides', (req, res) => {
+        try {
+            const overrides = getActiveEnvOverrides();
+            // Debug log to see what's being detected
+            // console.log('[DEBUG] Env overrides:', JSON.stringify(overrides, null, 2));
+            // console.log('[DEBUG] Sample env vars:', {
+            //   MORPHEUS_LLM_PROVIDER: !!process.env.MORPHEUS_LLM_PROVIDER,
+            //   MORPHEUS_LLM_MODEL: !!process.env.MORPHEUS_LLM_MODEL,
+            //   OPENAI_API_KEY: !!process.env.OPENAI_API_KEY,
+            // });
+            res.json(overrides);
+        }
+        catch (error) {
+            console.error('[ERROR] Failed to get env overrides:', error);
+            res.status(500).json({ error: error.message });
+        }
+    });
     // ─── Trinity Databases CRUD ─────────────────────────────────────────────────
     const DatabaseCreateSchema = z.object({
         name: z.string().min(1).max(100),

package/dist/runtime/providers/factory.js

@@ -5,6 +5,7 @@ import { ChatGoogleGenerativeAI } from "@langchain/google-genai";
 import { ProviderError } from "../errors.js";
 import { createAgent, createMiddleware } from "langchain";
 import { DisplayManager } from "../display.js";
+import { getUsableApiKey } from "../trinity-crypto.js";
 export class ProviderFactory {
     static buildMonitoringMiddleware() {
         const display = DisplayManager.getInstance();
@@ -26,24 +27,25 @@ export class ProviderFactory {
         });
     }
     static buildModel(config) {
+        const usableApiKey = getUsableApiKey(config.api_key);
         switch (config.provider) {
             case 'openai':
                 return new ChatOpenAI({
                     modelName: config.model,
                     temperature: config.temperature,
-                    apiKey: process.env.OPENAI_API_KEY || config.api_key,
+                    apiKey: process.env.OPENAI_API_KEY || usableApiKey,
                 });
             case 'anthropic':
                 return new ChatAnthropic({
                     modelName: config.model,
                     temperature: config.temperature,
-                    apiKey: process.env.ANTHROPIC_API_KEY || config.api_key,
+                    apiKey: process.env.ANTHROPIC_API_KEY || usableApiKey,
                 });
             case 'openrouter':
                 return new ChatOpenAI({
                     modelName: config.model,
                     temperature: config.temperature,
-                    apiKey: process.env.OPENROUTER_API_KEY || config.api_key,
+                    apiKey: process.env.OPENROUTER_API_KEY || usableApiKey,
                     configuration: {
                         baseURL: config.base_url || 'https://openrouter.ai/api/v1'
                     }
@@ -52,13 +54,13 @@ export class ProviderFactory {
                 return new ChatOllama({
                     model: config.model,
                     temperature: config.temperature,
-                    baseUrl: config.base_url || config.api_key,
+                    baseUrl: config.base_url || usableApiKey,
                 });
             case 'gemini':
                 return new ChatGoogleGenerativeAI({
                     model: config.model,
                     temperature: config.temperature,
-                    apiKey: process.env.GOOGLE_API_KEY || config.api_key
+                    apiKey: process.env.GOOGLE_API_KEY || usableApiKey
                 });
             default:
                 throw new Error(`Unsupported provider: ${config.provider}`);

package/dist/runtime/trinity-crypto.js

@@ -50,3 +50,54 @@ export function decrypt(ciphertext) {
 export function canEncrypt() {
     return !!process.env.MORPHEUS_SECRET;
 }
+/**
+ * Checks if a string appears to be an encrypted value.
+ * Format: base64(iv):base64(authTag):base64(ciphertext)
+ */
+export function looksLikeEncrypted(value) {
+    const parts = value.split(':');
+    if (parts.length !== 3)
+        return false;
+    // Each part should be valid base64
+    return parts.every(part => {
+        try {
+            const decoded = Buffer.from(part, 'base64');
+            return decoded.toString('base64') === part;
+        }
+        catch {
+            return false;
+        }
+    });
+}
+/**
+ * Safely decrypts a value, returning null if decryption fails.
+ * Use this for fail-open scenarios where MORPHEUS_SECRET may not be set.
+ */
+export function safeDecrypt(ciphertext) {
+    if (!ciphertext)
+        return null;
+    try {
+        return decrypt(ciphertext);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Gets the usable API key from a potentially encrypted value.
+ * If the value looks encrypted, attempts to decrypt it.
+ * If decryption fails or MORPHEUS_SECRET is not set, returns the original value.
+ * Use this when you need the actual plaintext key for API calls.
+ */
+export function getUsableApiKey(encryptedOrPlain) {
+    if (!encryptedOrPlain)
+        return undefined;
+    // If it looks encrypted, try to decrypt
+    if (looksLikeEncrypted(encryptedOrPlain)) {
+        const decrypted = safeDecrypt(encryptedOrPlain);
+        // If decryption succeeded, return it; otherwise return original
+        return decrypted ?? encryptedOrPlain;
+    }
+    // Not encrypted, return as-is
+    return encryptedOrPlain;
+}