opc-agent 0.9.0 → 1.1.0

package/src/core/errors.ts

@@ -0,0 +1,148 @@
+/**
+ * OPC Agent Error Hierarchy - v1.0.0
+ * Custom error classes with user-friendly messages and recovery hints.
+ */
+
+export class OPCError extends Error {
+  public readonly code: string;
+  public readonly hint?: string;
+  public readonly context?: Record<string, unknown>;
+  public readonly timestamp = Date.now();
+
+  constructor(message: string, opts?: { code?: string; hint?: string; context?: Record<string, unknown>; cause?: Error }) {
+    super(message);
+    this.name = 'OPCError';
+    this.code = opts?.code ?? 'OPC_UNKNOWN';
+    this.hint = opts?.hint;
+    this.context = opts?.context;
+    if (opts?.cause) this.cause = opts.cause;
+  }
+
+  toJSON(): Record<string, unknown> {
+    return { name: this.name, code: this.code, message: this.message, hint: this.hint, context: this.context, timestamp: this.timestamp };
+  }
+
+  toUserMessage(): string {
+    return this.hint ? `${this.message}\n💡 ${this.hint}` : this.message;
+  }
+}
+
+export class ProviderError extends OPCError {
+  public readonly provider: string;
+  public readonly statusCode?: number;
+
+  constructor(provider: string, message: string, opts?: { statusCode?: number; hint?: string; cause?: Error }) {
+    super(message, {
+      code: 'OPC_PROVIDER_ERROR',
+      hint: opts?.hint ?? `Check your API key and network connection for ${provider}.`,
+      context: { provider, statusCode: opts?.statusCode },
+      cause: opts?.cause,
+    });
+    this.name = 'ProviderError';
+    this.provider = provider;
+    this.statusCode = opts?.statusCode;
+  }
+}
+
+export class ValidationError extends OPCError {
+  public readonly field?: string;
+  public readonly errors: string[];
+
+  constructor(message: string, errors: string[] = [], field?: string) {
+    super(message, {
+      code: 'OPC_VALIDATION_ERROR',
+      hint: 'Check your OAD configuration file for missing or invalid fields.',
+      context: { field, errors },
+    });
+    this.name = 'ValidationError';
+    this.field = field;
+    this.errors = errors;
+  }
+}
+
+export class ConfigError extends OPCError {
+  constructor(message: string, hint?: string) {
+    super(message, { code: 'OPC_CONFIG_ERROR', hint: hint ?? 'Check your oad.yaml and .env files.' });
+    this.name = 'ConfigError';
+  }
+}
+
+export class ChannelError extends OPCError {
+  public readonly channelType: string;
+
+  constructor(channelType: string, message: string, opts?: { hint?: string; cause?: Error }) {
+    super(message, {
+      code: 'OPC_CHANNEL_ERROR',
+      hint: opts?.hint ?? `Check configuration for the ${channelType} channel.`,
+      context: { channelType },
+      cause: opts?.cause,
+    });
+    this.name = 'ChannelError';
+    this.channelType = channelType;
+  }
+}
+
+export class PluginError extends OPCError {
+  public readonly pluginName: string;
+
+  constructor(pluginName: string, message: string, opts?: { hint?: string; cause?: Error }) {
+    super(message, {
+      code: 'OPC_PLUGIN_ERROR',
+      hint: opts?.hint ?? `Check plugin "${pluginName}" configuration.`,
+      context: { pluginName },
+      cause: opts?.cause,
+    });
+    this.name = 'PluginError';
+    this.pluginName = pluginName;
+  }
+}
+
+export class RateLimitError extends OPCError {
+  public readonly retryAfterMs?: number;
+
+  constructor(message?: string, retryAfterMs?: number) {
+    super(message ?? 'Rate limit exceeded. Please slow down.', {
+      code: 'OPC_RATE_LIMIT',
+      hint: retryAfterMs ? `Try again in ${Math.ceil(retryAfterMs / 1000)} seconds.` : 'Please wait before sending more messages.',
+      context: { retryAfterMs },
+    });
+    this.name = 'RateLimitError';
+    this.retryAfterMs = retryAfterMs;
+  }
+}
+
+export class SecurityError extends OPCError {
+  constructor(message: string, hint?: string) {
+    super(message, { code: 'OPC_SECURITY_ERROR', hint: hint ?? 'This request was blocked for security reasons.' });
+    this.name = 'SecurityError';
+  }
+}
+
+export class TimeoutError extends OPCError {
+  constructor(operation: string, timeoutMs: number) {
+    super(`Operation "${operation}" timed out after ${timeoutMs}ms`, {
+      code: 'OPC_TIMEOUT',
+      hint: 'The operation took too long. Try again or increase the timeout.',
+      context: { operation, timeoutMs },
+    });
+    this.name = 'TimeoutError';
+  }
+}
+
+/**
+ * Wrap an unknown thrown value into an OPCError.
+ */
+export function wrapError(err: unknown, fallbackMessage = 'An unexpected error occurred'): OPCError {
+  if (err instanceof OPCError) return err;
+  if (err instanceof Error) return new OPCError(err.message, { cause: err });
+  return new OPCError(typeof err === 'string' ? err : fallbackMessage);
+}
+
+/**
+ * Format error for user display (no stack traces).
+ */
+export function formatErrorForUser(err: unknown): string {
+  if (err instanceof OPCError) return err.toUserMessage();
+  if (err instanceof Error) return err.message;
+  return String(err);
+}

package/src/core/security.ts

@@ -0,0 +1,171 @@
+/**
+ * Security Hardening Module - v1.0.0
+ * Input sanitization, CORS, security headers, API key rotation.
+ */
+
+import type { Request, Response, NextFunction } from 'express';
+
+// ── Input Sanitization ──────────────────────────────────────
+
+const XSS_PATTERNS = [
+  /<script\b[^>]*>[\s\S]*?<\/script>/gi,
+  /javascript:/gi,
+  /on\w+\s*=/gi,
+  /<iframe\b/gi,
+  /<object\b/gi,
+  /<embed\b/gi,
+  /<form\b/gi,
+];
+
+const SQL_PATTERNS = [
+  /(\b(SELECT|INSERT|UPDATE|DELETE|DROP|UNION|ALTER|CREATE|EXEC)\b.*\b(FROM|INTO|TABLE|SET|WHERE|ALL)\b)/gi,
+  /(--|;)\s*(DROP|ALTER|DELETE)/gi,
+];
+
+export function sanitizeInput(input: string): string {
+  let clean = input;
+  for (const pattern of XSS_PATTERNS) {
+    clean = clean.replace(pattern, '');
+  }
+  // Encode dangerous HTML entities
+  clean = clean.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+  return clean;
+}
+
+export function detectInjection(input: string): { safe: boolean; threats: string[] } {
+  const threats: string[] = [];
+  for (const pattern of XSS_PATTERNS) {
+    if (pattern.test(input)) threats.push('xss');
+    pattern.lastIndex = 0;
+  }
+  for (const pattern of SQL_PATTERNS) {
+    if (pattern.test(input)) threats.push('sql_injection');
+    pattern.lastIndex = 0;
+  }
+  return { safe: threats.length === 0, threats: [...new Set(threats)] };
+}
+
+// ── Security Headers (Helmet-style) ────────────────────────
+
+export interface SecurityHeadersConfig {
+  contentSecurityPolicy?: string;
+  enableHSTS?: boolean;
+  frameDeny?: boolean;
+  xssProtection?: boolean;
+  noSniff?: boolean;
+  referrerPolicy?: string;
+}
+
+export function securityHeaders(config?: SecurityHeadersConfig) {
+  const csp = config?.contentSecurityPolicy ?? "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'";
+  return (_req: Request, res: Response, next: NextFunction): void => {
+    res.setHeader('Content-Security-Policy', csp);
+    res.setHeader('X-Content-Type-Options', 'nosniff');
+    res.setHeader('X-Frame-Options', config?.frameDeny !== false ? 'DENY' : 'SAMEORIGIN');
+    res.setHeader('X-XSS-Protection', '1; mode=block');
+    res.setHeader('Referrer-Policy', config?.referrerPolicy ?? 'strict-origin-when-cross-origin');
+    if (config?.enableHSTS !== false) {
+      res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+    }
+    res.removeHeader('X-Powered-By');
+    next();
+  };
+}
+
+// ── CORS Configuration ──────────────────────────────────────
+
+export interface CORSConfig {
+  origins?: string[];
+  methods?: string[];
+  allowHeaders?: string[];
+  credentials?: boolean;
+  maxAge?: number;
+}
+
+export function corsMiddleware(config?: CORSConfig) {
+  const origins = config?.origins ?? ['*'];
+  const methods = config?.methods ?? ['GET', 'POST', 'OPTIONS'];
+  const headers = config?.allowHeaders ?? ['Content-Type', 'Authorization'];
+
+  return (req: Request, res: Response, next: NextFunction): void => {
+    const origin = req.headers.origin ?? '';
+    if (origins.includes('*') || origins.includes(origin)) {
+      res.setHeader('Access-Control-Allow-Origin', origins.includes('*') ? '*' : origin);
+    }
+    res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
+    res.setHeader('Access-Control-Allow-Headers', headers.join(', '));
+    if (config?.credentials) res.setHeader('Access-Control-Allow-Credentials', 'true');
+    if (config?.maxAge) res.setHeader('Access-Control-Max-Age', String(config.maxAge));
+    if (req.method === 'OPTIONS') { res.status(204).end(); return; }
+    next();
+  };
+}
+
+// ── API Key Rotation ────────────────────────────────────────
+
+export interface APIKeyEntry {
+  key: string;
+  label?: string;
+  createdAt: number;
+  expiresAt?: number;
+  active: boolean;
+}
+
+export class APIKeyManager {
+  private keys: APIKeyEntry[] = [];
+
+  addKey(key: string, opts?: { label?: string; expiresAt?: number }): void {
+    this.keys.push({ key, label: opts?.label, createdAt: Date.now(), expiresAt: opts?.expiresAt, active: true });
+  }
+
+  revokeKey(key: string): boolean {
+    const entry = this.keys.find(k => k.key === key);
+    if (entry) { entry.active = false; return true; }
+    return false;
+  }
+
+  isValid(key: string): boolean {
+    const entry = this.keys.find(k => k.key === key);
+    if (!entry || !entry.active) return false;
+    if (entry.expiresAt && Date.now() > entry.expiresAt) { entry.active = false; return false; }
+    return true;
+  }
+
+  rotateKey(oldKey: string, newKey: string): boolean {
+    const entry = this.keys.find(k => k.key === oldKey && k.active);
+    if (!entry) return false;
+    entry.active = false;
+    this.addKey(newKey, { label: entry.label });
+    return true;
+  }
+
+  listActive(): APIKeyEntry[] {
+    return this.keys.filter(k => k.active && (!k.expiresAt || Date.now() <= k.expiresAt));
+  }
+
+  cleanup(): number {
+    const before = this.keys.length;
+    this.keys = this.keys.filter(k => k.active && (!k.expiresAt || Date.now() <= k.expiresAt));
+    return before - this.keys.length;
+  }
+}
+
+// ── Input Validation Middleware ──────────────────────────────
+
+export function inputValidation() {
+  return (req: Request, res: Response, next: NextFunction): void => {
+    if (req.body?.message && typeof req.body.message === 'string') {
+      const check = detectInjection(req.body.message);
+      if (!check.safe) {
+        res.status(400).json({ error: 'Input contains potentially unsafe content', threats: check.threats });
+        return;
+      }
+      // Limit message size
+      if (req.body.message.length > 100_000) {
+        res.status(413).json({ error: 'Message too large (max 100KB)' });
+        return;
+      }
+    }
+    next();
+  };
+}

package/src/core/watch.ts

@@ -0,0 +1,178 @@
+import { EventEmitter } from 'events';
+
+/**
+ * ProcessWatcher — Background process output monitoring with pattern matching.
+ *
+ * Inspired by Hermes Agent's watch_patterns feature.
+ * Set patterns to watch for in background process output and get callbacks
+ * when they match — no polling needed.
+ *
+ * Usage:
+ *   const watcher = new ProcessWatcher();
+ *   watcher.watch(childProcess.stdout, {
+ *     patterns: [
+ *       { regex: /listening on port (\d+)/, label: 'server-ready' },
+ *       { regex: /error|Error|ERROR/, label: 'error-detected' },
+ *       { regex: /build completed/, label: 'build-done', once: true },
+ *     ],
+ *     onMatch: (match) => console.log(`[${match.label}] ${match.line}`),
+ *   });
+ */
+
+export interface WatchPattern {
+  /** Regex to match against each line of output */
+  regex: RegExp;
+  /** Human-readable label for this pattern */
+  label: string;
+  /** If true, auto-remove after first match */
+  once?: boolean;
+}
+
+export interface WatchMatch {
+  /** Pattern label */
+  label: string;
+  /** The full line that matched */
+  line: string;
+  /** Regex match groups */
+  groups: string[];
+  /** Timestamp of match */
+  timestamp: number;
+  /** Stream source */
+  stream: 'stdout' | 'stderr';
+}
+
+export interface WatchOptions {
+  /** Patterns to match */
+  patterns: WatchPattern[];
+  /** Callback on match */
+  onMatch: (match: WatchMatch) => void;
+  /** Optional: max matches to keep in history (default: 100) */
+  maxHistory?: number;
+}
+
+export class ProcessWatcher extends EventEmitter {
+  private watchers = new Map<string, {
+    patterns: WatchPattern[];
+    onMatch: (match: WatchMatch) => void;
+    history: WatchMatch[];
+    maxHistory: number;
+  }>();
+
+  private watcherIdCounter = 0;
+
+  /**
+   * Start watching a readable stream for patterns.
+   * Returns a watcher ID that can be used to stop watching.
+   */
+  watch(
+    stream: NodeJS.ReadableStream,
+    options: WatchOptions,
+    streamName: 'stdout' | 'stderr' = 'stdout',
+  ): string {
+    const id = `watcher_${++this.watcherIdCounter}`;
+    const state = {
+      patterns: [...options.patterns],
+      onMatch: options.onMatch,
+      history: [] as WatchMatch[],
+      maxHistory: options.maxHistory ?? 100,
+    };
+    this.watchers.set(id, state);
+
+    let buffer = '';
+
+    const onData = (chunk: Buffer | string) => {
+      buffer += chunk.toString();
+      const lines = buffer.split('\n');
+      buffer = lines.pop() ?? ''; // Keep incomplete line in buffer
+
+      for (const line of lines) {
+        this.matchLine(id, line, streamName);
+      }
+    };
+
+    stream.on('data', onData);
+    stream.on('end', () => {
+      // Process remaining buffer
+      if (buffer) this.matchLine(id, buffer, streamName);
+      this.watchers.delete(id);
+      this.emit('watcher:end', id);
+    });
+
+    return id;
+  }
+
+  /**
+   * Watch both stdout and stderr of a ChildProcess.
+   */
+  watchProcess(
+    proc: { stdout?: NodeJS.ReadableStream | null; stderr?: NodeJS.ReadableStream | null },
+    options: WatchOptions,
+  ): string[] {
+    const ids: string[] = [];
+    if (proc.stdout) ids.push(this.watch(proc.stdout, options, 'stdout'));
+    if (proc.stderr) ids.push(this.watch(proc.stderr, options, 'stderr'));
+    return ids;
+  }
+
+  /** Stop a specific watcher */
+  unwatch(id: string): void {
+    this.watchers.delete(id);
+  }
+
+  /** Get match history for a watcher */
+  getHistory(id: string): WatchMatch[] {
+    return this.watchers.get(id)?.history ?? [];
+  }
+
+  /** Add a pattern to an existing watcher */
+  addPattern(id: string, pattern: WatchPattern): void {
+    const state = this.watchers.get(id);
+    if (state) state.patterns.push(pattern);
+  }
+
+  /** Remove a pattern by label from a watcher */
+  removePattern(id: string, label: string): void {
+    const state = this.watchers.get(id);
+    if (state) {
+      state.patterns = state.patterns.filter(p => p.label !== label);
+    }
+  }
+
+  private matchLine(watcherId: string, line: string, stream: 'stdout' | 'stderr'): void {
+    const state = this.watchers.get(watcherId);
+    if (!state) return;
+
+    const toRemove: number[] = [];
+
+    for (let i = 0; i < state.patterns.length; i++) {
+      const pattern = state.patterns[i];
+      const m = line.match(pattern.regex);
+      if (m) {
+        const match: WatchMatch = {
+          label: pattern.label,
+          line,
+          groups: m.slice(1),
+          timestamp: Date.now(),
+          stream,
+        };
+
+        state.history.push(match);
+        if (state.history.length > state.maxHistory) {
+          state.history.shift();
+        }
+
+        state.onMatch(match);
+        this.emit('match', match);
+
+        if (pattern.once) {
+          toRemove.push(i);
+        }
+      }
+    }
+
+    // Remove once-patterns in reverse order
+    for (let i = toRemove.length - 1; i >= 0; i--) {
+      state.patterns.splice(toRemove[i], 1);
+    }
+  }
+}

package/src/index.ts

@@ -93,3 +93,18 @@ export type { CacheConfig, CacheEntry } from './core/cache';
 export { getSupportedLocales } from './i18n';
 export { createDataAnalystConfig } from './templates/data-analyst';
 export { createTeacherConfig } from './templates/teacher';
+
+// v1.0.0 modules
+export { OPCError, ProviderError, ValidationError, ConfigError, ChannelError, PluginError, RateLimitError, SecurityError, TimeoutError, wrapError, formatErrorForUser } from './core/errors';
+export { sanitizeInput, detectInjection, securityHeaders, corsMiddleware, APIKeyManager, inputValidation } from './core/security';
+export type { SecurityHeadersConfig, CORSConfig, APIKeyEntry } from './core/security';
+export { createLoggingPlugin, createAnalyticsPlugin, createRateLimitPlugin } from './plugins';
+export type { PluginManifest } from './plugins';
+
+// v1.1.0 modules
+export { FeishuChannel } from './channels/feishu';
+export type { FeishuChannelConfig } from './channels/feishu';
+export { DiscordChannel } from './channels/discord';
+export type { DiscordChannelConfig } from './channels/discord';
+export { ProcessWatcher } from './core/watch';
+export type { WatchPattern, WatchMatch, WatchOptions } from './core/watch';

package/src/plugins/index.ts

@@ -1,10 +1,17 @@
-import type { ISkill, IChannel } from '../core/types';
+import type { ISkill, IChannel, Message } from '../core/types';
 import type { MCPTool } from '../tools/mcp';
+import { Logger } from '../core/logger';
 
 /**
- * Plugin lifecycle hooks.
+ * Plugin lifecycle hooks - v1.0.0
  */
 export interface PluginHooks {
+  onInit?: () => Promise<void>;
+  onMessage?: (message: Message) => Promise<Message | void>;
+  onResponse?: (message: Message, response: Message) => Promise<Message | void>;
+  onError?: (error: Error, context?: Record<string, unknown>) => Promise<void>;
+  onShutdown?: () => Promise<void>;
+  // Legacy aliases
   beforeInit?: () => Promise<void>;
   afterInit?: () => Promise<void>;
   beforeMessage?: (message: { content: string }) => Promise<void>;
@@ -13,7 +20,15 @@ export interface PluginHooks {
 }
 
 /**
- * Plugin interface — extend agent with skills, tools, channels, and lifecycle hooks.
+ * Plugin manifest in OAD: plugins: [{ name, config }]
+ */
+export interface PluginManifest {
+  name: string;
+  config?: Record<string, unknown>;
+}
+
+/**
+ * Plugin interface - extend agent with skills, tools, channels, and lifecycle hooks.
  */
 export interface IPlugin {
   name: string;
@@ -27,9 +42,14 @@ export interface IPlugin {
 
 export class PluginManager {
   private plugins: Map<string, IPlugin> = new Map();
+  private logger = new Logger('plugins');
 
   register(plugin: IPlugin): void {
+    if (this.plugins.has(plugin.name)) {
+      this.logger.warn(`Plugin "${plugin.name}" already registered, replacing`);
+    }
     this.plugins.set(plugin.name, plugin);
+    this.logger.info(`Plugin registered: ${plugin.name}@${plugin.version}`);
   }
 
   unregister(name: string): void {
@@ -42,9 +62,7 @@ export class PluginManager {
 
   list(): { name: string; version: string; description?: string }[] {
     return Array.from(this.plugins.values()).map(({ name, version, description }) => ({
-      name,
-      version,
-      description,
+      name, version, description,
     }));
   }
 
@@ -56,9 +74,59 @@ export class PluginManager {
     for (const plugin of this.plugins.values()) {
       const hook = plugin.hooks?.[hookName];
       if (hook) {
-        await (hook as (...a: unknown[]) => Promise<void>)(...args);
+        try {
+          await (hook as (...a: unknown[]) => Promise<void>)(...args);
+        } catch (err) {
+          this.logger.error(`Plugin "${plugin.name}" hook "${hookName}" failed`, {
+            error: err instanceof Error ? err.message : String(err),
+          });
+          // Don't let one plugin break others
+        }
+      }
+    }
+  }
+
+  async runOnInit(): Promise<void> {
+    await this.runHook('onInit');
+    await this.runHook('beforeInit');
+    await this.runHook('afterInit');
+  }
+
+  async runOnMessage(message: Message): Promise<Message> {
+    let msg = message;
+    for (const plugin of this.plugins.values()) {
+      if (plugin.hooks?.onMessage) {
+        const result = await plugin.hooks.onMessage(msg);
+        if (result) msg = result;
+      }
+      if (plugin.hooks?.beforeMessage) {
+        await plugin.hooks.beforeMessage({ content: msg.content });
       }
     }
+    return msg;
+  }
+
+  async runOnResponse(message: Message, response: Message): Promise<Message> {
+    let resp = response;
+    for (const plugin of this.plugins.values()) {
+      if (plugin.hooks?.onResponse) {
+        const result = await plugin.hooks.onResponse(message, resp);
+        if (result) resp = result;
+      }
+      if (plugin.hooks?.afterMessage) {
+        await plugin.hooks.afterMessage({ content: message.content }, { content: resp.content });
+      }
+    }
+    return resp;
+  }
+
+  async runOnError(error: Error, context?: Record<string, unknown>): Promise<void> {
+    await this.runHook('onError', error, context);
+  }
+
+  async runOnShutdown(): Promise<void> {
+    await this.runHook('onShutdown');
+    await this.runHook('beforeShutdown');
   }
 
   getAllSkills(): ISkill[] {
@@ -85,3 +153,56 @@ export class PluginManager {
     return channels;
   }
 }
+
+// ── Built-in Plugins ────────────────────────────────────────
+
+export function createLoggingPlugin(): IPlugin {
+  const logger = new Logger('agent:messages');
+  return {
+    name: 'logging',
+    version: '1.0.0',
+    description: 'Logs all messages and responses',
+    hooks: {
+      onInit: async () => { logger.info('Agent initialized'); },
+      onMessage: async (msg: Message) => { logger.info(`← ${msg.role}: ${msg.content.slice(0, 100)}`); return undefined as any; },
+      onResponse: async (_msg: Message, resp: Message) => { logger.info(`→ ${resp.role}: ${resp.content.slice(0, 100)}`); return undefined as any; },
+      onError: async (err: Error) => { logger.error(`Error: ${err.message}`); },
+      onShutdown: async () => { logger.info('Agent shutting down'); },
+    },
+  };
+}
+
+export function createAnalyticsPlugin(): IPlugin {
+  const stats = { messages: 0, errors: 0, startedAt: 0 };
+  return {
+    name: 'analytics',
+    version: '1.0.0',
+    description: 'Tracks message counts and error rates',
+    hooks: {
+      onInit: async () => { stats.startedAt = Date.now(); },
+      onMessage: async () => { stats.messages++; return undefined as any; },
+      onError: async () => { stats.errors++; },
+    },
+  };
+}
+
+export function createRateLimitPlugin(maxPerMinute = 60): IPlugin {
+  const timestamps: number[] = [];
+  return {
+    name: 'rate-limit',
+    version: '1.0.0',
+    description: `Rate limits to ${maxPerMinute} messages/minute`,
+    hooks: {
+      onMessage: async () => {
+        const now = Date.now();
+        const windowStart = now - 60_000;
+        while (timestamps.length > 0 && timestamps[0] < windowStart) timestamps.shift();
+        if (timestamps.length >= maxPerMinute) {
+          throw new Error('Rate limit exceeded. Please slow down.');
+        }
+        timestamps.push(now);
+        return undefined as any;
+      },
+    },
+  };
+}