zu-shadow 0.1.13__py3-none-any.whl

zu_shadow/__init__.py

@@ -0,0 +1,46 @@
+"""zu-shadow — author a production agent by DEMONSTRATION (§2.8).
+
+A Shadow recording *is* the event bus run over a HUMAN session: the human is the
+policy for that one run, so recording costs almost nothing architecturally — the
+recorder folds an abstract input/CDP stream into ``data.shadow.*`` events on the
+same append-only log everything else uses. Four disciplines are load-bearing:
+
+* **Redaction is DEFAULT-ON and runs BEFORE append** (``redaction``): secrets —
+  passwords, ``Authorization``/``Cookie`` headers, tokens/API keys, configured PII
+  — never reach :meth:`EventSink.append`. The "why" intent text is redacted too.
+* **Capture is SEMANTIC** (``capture``): a user action is named by its target's
+  ``{role, name, label}`` (the core ``surface`` currency, shared with §4 handles /
+  §5 SurfaceView) — never a CSS selector or pixel coordinate.
+* **The synthesizer is itself a Zu agent** (``synthesizer``): driven by a
+  ``ModelProvider`` (offline-tested with ``ScriptedProvider``), it PROPOSES an
+  agent spec + an induced ``Fsm`` + ``Invariant``s; the egress allowlist writes
+  itself from the recorded ``network.response`` hosts.
+* **Promotion is GATED by reproduced outcome** (``replay_gate``): a synthesized
+  agent does not run on real data until it reproduces the recorded outcome, reusing
+  zu-cli's ``offline.py``/``build.py``. The "why" resolutions are reviewed, never
+  auto-promoted.
+"""
+
+from __future__ import annotations
+
+from .capture import SemanticTarget, capture_click, capture_navigate, capture_type
+from .recorder import RecordedSession, Recorder
+from .redaction import RedactionPolicy, redact_event, redact_text
+from .replay_gate import PromotionVerdict, verify_and_gate
+from .synthesizer import SynthesisResult, Synthesizer
+
+__all__ = [
+    "PromotionVerdict",
+    "RecordedSession",
+    "Recorder",
+    "RedactionPolicy",
+    "SemanticTarget",
+    "SynthesisResult",
+    "Synthesizer",
+    "capture_click",
+    "capture_navigate",
+    "capture_type",
+    "redact_event",
+    "redact_text",
+    "verify_and_gate",
+]

zu_shadow/capture.py

@@ -0,0 +1,119 @@
+"""SEMANTIC-TARGET capture — name an action by WHAT it acts on, not WHERE.
+
+Every captured user action identifies its target by ``{role, name, label}`` — the
+same accessibility-grounded currency the core ``surface`` types speak (§4 handles /
+§5 ``SurfaceView``). NEVER a CSS selector, an XPath, or a pixel coordinate: those
+are brittle (a redesign breaks them) and untransferable (they cannot feed the §4
+locator / §5 recognizer). A semantic target re-resolves on a changed page, which is
+the whole reason a synthesized agent can be *resilient* rather than pixel-frozen.
+
+``SemanticTarget`` is a thin, frozen value object that reuses ``role``/``label``
+exactly as :class:`zu_core.surface.SurfaceAffordance` does, plus the accessible
+``name`` (the click target's accessible name). The capture helpers turn a raw
+abstract-stream event into a redaction-ready ``data.shadow.*`` payload.
+"""
+
+from __future__ import annotations
+
+from pydantic import BaseModel
+
+from zu_core import events as ev
+from zu_core.surface import SurfaceAffordance
+
+# Target role/name/label tokens that mark an input as a CREDENTIAL field, so the
+# recorder records its typed value under a credential-named key the redaction stage
+# blanks wholesale — a password is never recorded verbatim, even pre-redaction-sweep.
+_CREDENTIAL_TARGET_HINTS: tuple[str, ...] = ("password", "passwd", "secret", "token",
+                                             "api key", "api_key", "apikey", "otp",
+                                             "cvv", "cvc", "pin", "security code",
+                                             # payment-card secrets — the agent must NEVER hold
+                                             # these; a real payment goes through the §8 broker.
+                                             "card number", "cardnumber", "card no",
+                                             "credit card", "debit card", "expiration", "expiry",
+                                             "iban", "sort code", "account number")
+
+
+class SemanticTarget(BaseModel):
+    """A user-action target, identified the way the core surface currency does:
+    ``role`` (a free string, e.g. ``button``/``link``/``textbox``), the accessible
+    ``name``, and a human ``label``. NO selector, NO coordinates — re-resolvable on
+    a changed page. Frozen so it is a stable value on the log."""
+
+    model_config = {"frozen": True}
+
+    role: str
+    name: str = ""
+    label: str = ""
+
+    @classmethod
+    def from_affordance(cls, a: SurfaceAffordance, *, name: str = "") -> SemanticTarget:
+        """Build a target from a core ``SurfaceAffordance`` — the bridge from a §5
+        SurfaceView the live recorder reduced to a recorded action target. The
+        affordance's ``label`` carries through; ``name`` is the accessible name the
+        CDP locate step resolved (the affordance has no separate name field)."""
+        return cls(role=a.role, name=name or a.label, label=a.label)
+
+    def to_payload(self) -> dict:
+        return {"role": self.role, "name": self.name, "label": self.label}
+
+
+def capture_click(target: SemanticTarget, *, intent: str | None = None) -> tuple[str, dict]:
+    """A ``data.shadow.user.click`` (type, payload). ``intent`` is the OPTIONAL,
+    reviewed "why" narration — carried but NEVER auto-promoted into the agent."""
+    payload: dict = {"target": target.to_payload()}
+    if intent is not None:
+        payload["intent"] = intent
+    return ev.SHADOW_USER_CLICK, payload
+
+
+def _is_credential_target(target: SemanticTarget) -> bool:
+    """A type target whose role/name/label marks it as a credential input — so its
+    value is recorded under a credential-named key the redaction stage blanks."""
+    blob = f"{target.role} {target.name} {target.label}".lower()
+    return any(h in blob for h in _CREDENTIAL_TARGET_HINTS)
+
+
+def capture_type(target: SemanticTarget, value: str, *,
+                 intent: str | None = None) -> tuple[str, dict]:
+    """A ``data.shadow.user.type`` (type, payload). The recorder MARKS a credential
+    target: a password/secret field's value goes under a ``password`` key that the
+    redaction stage (run before append) blanks wholesale, so a credential is never
+    recorded verbatim. A non-credential value rides under ``value`` and is still
+    swept for token shapes by redaction. Capture marks; redaction enforces the floor."""
+    payload: dict = {"target": target.to_payload()}
+    if _is_credential_target(target):
+        payload["password"] = value  # credential-named ⇒ redaction blanks it wholesale
+    else:
+        payload["value"] = value
+    if intent is not None:
+        payload["intent"] = intent
+    return ev.SHADOW_USER_TYPE, payload
+
+
+def capture_navigate(url: str, *, intent: str | None = None) -> tuple[str, dict]:
+    """A ``data.shadow.user.navigate`` (type, payload). The URL is redaction-swept
+    (credentials/tokens in the query stripped) before it reaches the log."""
+    payload: dict = {"url": url}
+    if intent is not None:
+        payload["intent"] = intent
+    return ev.SHADOW_USER_NAVIGATE, payload
+
+
+def capture_page_loaded(url: str, title: str) -> tuple[str, dict]:
+    """A ``data.shadow.page.loaded`` (type, payload) — a settled page; the locus a
+    subsequent action's semantic target re-resolves against."""
+    return ev.SHADOW_PAGE_LOADED, {"url": url, "title": title}
+
+
+def capture_network_response(url: str, status: int, host: str) -> tuple[str, dict]:
+    """A ``data.shadow.network.response`` (type, payload) — METADATA only (no body,
+    no headers beyond the host). The synthesized agent's egress allowlist is induced
+    from the ``host`` values across these events."""
+    return ev.SHADOW_NETWORK_RESPONSE, {"url": url, "status": status, "host": host}
+
+
+def capture_scroll(direction: str, y: int = 0) -> tuple[str, dict]:
+    """A ``data.shadow.user.scroll`` (type, payload) — a settled scroll up/down. Context,
+    not an action step: it records that the human had to scroll to reach the next thing."""
+    d = direction if direction in ("up", "down") else "down"
+    return ev.SHADOW_USER_SCROLL, {"direction": d, "y": int(y)}

zu_shadow/executor.py

@@ -0,0 +1,273 @@
+"""The live executor — the agent USES a Shadow recording to do the task itself, and
+GENERALISES it.
+
+Record the task once (buy a muzzle); Shadow synthesises the path; this executor then
+RE-RUNS it on the live site — and the next run can vary it (search "collars" instead of
+"muzzles"). It is the §1.5 division made concrete: the recording bounds the action space
+(the demonstrated procedure + semantic anchors), and where the live page diverges from
+the demonstration the MODEL proposes within the bounded affordance set while the harness
+disposes. Three resolution modes per step:
+
+  * EXACT   — the demonstrated target still exists (a fixed-flow control like "Add to
+              cart" / "Check out") → re-resolve it by role+name and act.
+  * PARAM   — a typed value is overridden ("muzzles" → "collars"; the customer's own
+              name/address) → type the override into the field.
+  * MODEL   — the demonstrated specific target is GONE (you searched collars, so the
+              muzzle product link isn't there) → the model picks the best handle from the
+              CURRENT affordances (it emits a handle, never a selector), generalising.
+
+The COMMIT BOUNDARY (a payment / place-order step) is never auto-crossed: the executor
+escalates before it (a real payment is a §8 brokered capability, never the captured card).
+The browser is an injected ``BrowserSession`` — a fake drives it at $0 in tests; the live
+Playwright binding drives real Chrome.
+"""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass, field
+from typing import Any, Protocol, runtime_checkable
+
+from zu_core import events as ev
+from zu_core.ports import ModelProvider, ModelRequest
+from zu_core.surface import SurfaceView
+
+from .redaction import REDACTED
+
+_CLICKABLE = frozenset({"button", "link", "checkbox", "radio", "switch", "tab",
+                        "menuitem", "option", "row", "gridcell"})
+_FIELDS = frozenset({"textbox", "searchbox", "combobox"})
+# Steps whose name names an irreversible money/commit action — never auto-crossed.
+_COMMIT = re.compile(r"(?i)\b(place order|pay now|pay$|buy now|complete (order|purchase|"
+                     r"payment)|confirm (and )?pay|submit order|checkout & pay)\b")
+# A payment-card field — the agent must NEVER type a card; a real payment is a §8 brokered
+# capability. A redacted secret value means the same: the agent doesn't hold the secret.
+_PAYMENT_FIELD = re.compile(r"(?i)\b(card number|cardnumber|card no|credit card|debit card|"
+                            r"expiration|expiry|cvv|cvc|security code|iban|sort code|"
+                            r"account number)\b")
+
+
+@dataclass(frozen=True)
+class Step:
+    """One step of the demonstrated path: what to do, on what (by role+name), the value
+    typed, the human's why, and whether it crosses the commit boundary."""
+    kind: str            # "click" | "type" | "navigate"
+    role: str = ""
+    name: str = ""
+    value: str | None = None
+    intent: str | None = None
+    committing: bool = False
+
+
+@dataclass
+class StepOutcome:
+    step: Step
+    via: str             # "exact" | "param" | "model" | "navigate" | "escalated" | "unresolved"
+    handle: str | None = None
+    value: str | None = None
+    ok: bool = True
+    detail: str = ""
+
+
+@dataclass
+class RunReport:
+    outcomes: list[StepOutcome] = field(default_factory=list)
+    completed: bool = False
+    escalated_at: int | None = None
+
+    @property
+    def acted(self) -> list[StepOutcome]:
+        return [o for o in self.outcomes if o.handle is not None]
+
+
+@runtime_checkable
+class BrowserSession(Protocol):
+    """The live browser the executor drives. The fake test double and the live Playwright
+    binding both satisfy this. ``perceive`` returns the CURRENT page's affordances (the
+    Action Surface); ``act`` operates one by its opaque handle (never a selector)."""
+
+    def perceive(self) -> SurfaceView: ...
+    def act(self, handle: str, kind: str, value: str | None = None) -> None: ...
+    def current_url(self) -> str: ...
+
+
+def _norm(s: str | None) -> str:
+    return re.sub(r"\s+", " ", (s or "")).strip().lower()
+
+
+def steps_from_recording(events: list[Any]) -> list[Step]:
+    """Turn a recording's events into the executable path: clicks/types/navigates, with the
+    same cleanup the synthesizer applies (drop a focus-click before a type on the same
+    target; collapse a consecutive duplicate), and the commit boundary marked."""
+    raw: list[Step] = []
+    for e in events:
+        t = getattr(e, "type", "")
+        p = getattr(e, "payload", {}) or {}
+        if t == ev.SHADOW_USER_NAVIGATE:
+            raw.append(Step(kind="navigate", value=p.get("url", "")))
+            continue
+        if t not in (ev.SHADOW_USER_CLICK, ev.SHADOW_USER_TYPE):
+            continue
+        tgt = p.get("target", {}) or {}
+        kind = "click" if t == ev.SHADOW_USER_CLICK else "type"
+        name = tgt.get("name") or tgt.get("label") or ""
+        value = p.get("value")
+        if value is None:
+            value = p.get("password")  # a credential field's (redacted) value lives under this key
+        committing = (
+            (kind == "click" and bool(_COMMIT.search(name)))  # an irreversible order/pay click
+            or value == REDACTED                              # a step needing a secret the agent lacks
+            or bool(_PAYMENT_FIELD.search(name))              # a payment-card field — brokered (§8)
+        )
+        raw.append(Step(kind=kind, role=tgt.get("role", ""), name=name,
+                        value=value, intent=p.get("intent"), committing=committing))
+    # R2: drop a focus-click immediately followed by a type on the same target. R1: collapse
+    # a consecutive duplicate. (The whys live on the events and are reviewed separately.)
+    out: list[Step] = []
+    for i, s in enumerate(raw):
+        if s.kind == "click" and i + 1 < len(raw):
+            nxt = raw[i + 1]
+            if nxt.kind == "type" and _norm(nxt.name) == _norm(s.name):
+                continue
+        if out and out[-1].kind == s.kind and _norm(out[-1].name) == _norm(s.name) \
+                and out[-1].value == s.value:
+            continue
+        out.append(s)
+    return out
+
+
+def _match(surface: SurfaceView, role: str, name: str) -> str | None:
+    """Re-resolve the demonstrated target on the CURRENT page by role+name: an exact label
+    match first, then a contained match (robust to small label drift)."""
+    nm = _norm(name)
+    if not nm:
+        return None
+    for a in surface.affordances:
+        if _norm(a.label) == nm:
+            return a.handle
+    for a in surface.affordances:
+        al = _norm(a.label)
+        if al and (nm in al or al in nm) and (not role or a.role == role or
+                                              (role in _FIELDS and a.role in _FIELDS)):
+            return a.handle
+    return None
+
+
+def _first_field(surface: SurfaceView) -> str | None:
+    for a in surface.affordances:
+        if a.role in _FIELDS:
+            return a.handle
+    return None
+
+
+# A control that dismisses a blocking overlay (cookie/consent banner, popup) that the
+# demonstration didn't include — generic verbs only, anchored so it matches a dismiss button,
+# not "Accept terms" text. Accepting/closing a banner is reversible; it just unblocks the step.
+_DISMISS = re.compile(r"(?i)^(accept( all)?( cookies)?|agree|i agree|allow( all)?|got it|"
+                      r"ok(ay)?|continue|close|dismiss|no thanks|reject( all)?|"
+                      r"accept all cookies)$")
+
+
+def _interstitial(surface: SurfaceView) -> str | None:
+    """A dismiss control for a cookie/consent/popup overlay blocking the step — so the run
+    isn't derailed by an interstitial that wasn't in the recording."""
+    for a in surface.affordances:
+        if a.role in ("button", "link") and _DISMISS.match(_norm(a.label)):
+            return a.handle
+    return None
+
+
+def _resolve_exact(step: Step, surface: SurfaceView,
+                   ov: dict[str, str]) -> tuple[str | None, str, str | None]:
+    """Resolve a step WITHOUT the model: EXACT re-resolve (the demonstrated target by
+    role+name) or PARAM (type an override into a field). The model-choice generalisation is
+    the LAST resort, tried only after exact retries fail — so a lazy-loading or banner-blocked
+    page is retried for the real control instead of the model grabbing a wrong one."""
+    value = ov.get(_norm(step.name), step.value) if step.kind == "type" else None
+    handle = _match(surface, step.role, step.name)
+    if handle is not None:
+        return handle, "exact", value
+    if step.kind == "type":
+        f = _first_field(surface)
+        if f is not None:
+            return f, "param", value
+    return None, "", value
+
+
+async def _model_choose(step: Step, surface: SurfaceView, model: ModelProvider) -> str | None:
+    """GENERALISE: the demonstrated control is gone, so the model picks the handle that best
+    continues the task — bounded to the CURRENT affordances (it emits a handle, never a
+    selector). A reply that names no real handle resolves to None → escalate, never guess."""
+    clickable = [a for a in surface.affordances if a.role in _CLICKABLE]
+    if not clickable:
+        return None
+    listing = "\n".join(f'{a.handle}: {a.role} "{a.label}"' for a in clickable)
+    goal = step.intent or f"{step.kind} {step.name}".strip()
+    req = ModelRequest(messages=[
+        {"role": "system", "content": "You drive a web agent following a known task on a live "
+         "site. The demonstrated control is not on this page. Pick the SINGLE affordance handle "
+         "that best continues the task. Reply with ONLY the handle (e.g. a3)."},
+        {"role": "user", "content": f"Step to continue: {goal}\nAffordances:\n{listing}\n\nHandle:"},
+    ])
+    resp = await model.complete(req)
+    handles = {a.handle for a in clickable}
+    for tok in re.findall(r"[A-Za-z]+\w*", resp.text or ""):
+        if tok in handles:
+            return tok
+    return None
+
+
+async def execute(
+    steps: list[Step],
+    session: BrowserSession,
+    model: ModelProvider,
+    *,
+    overrides: dict[str, str] | None = None,
+    on_commit: str = "escalate",
+    max_retries: int = 2,
+) -> RunReport:
+    """Drive the demonstrated path on the live ``session``, generalising via ``overrides``
+    (a typed value keyed by the step's name, e.g. {"search": "collars"}) and the model for
+    unmatched controls. When a target isn't found, dismiss a blocking interstitial (cookie /
+    consent / popup) and RE-PERCEIVE before escalating — so a banner that wasn't in the
+    recording, or content still loading, doesn't derail the run. Stops at the commit boundary."""
+    ov = {_norm(k): v for k, v in (overrides or {}).items()}
+    report = RunReport()
+    for i, step in enumerate(steps):
+        if step.kind == "navigate":
+            report.outcomes.append(StepOutcome(step, "navigate"))  # a consequence of the prior act
+            continue
+        if step.committing and on_commit == "escalate":
+            report.outcomes.append(StepOutcome(step, "escalated", ok=False,
+                                               detail="commit boundary — route to a human / the broker"))
+            report.escalated_at = i
+            return report
+
+        surface = session.perceive()
+        handle, via, value = _resolve_exact(step, surface, ov)
+        tries = 0
+        while handle is None and tries < max_retries:
+            inter = _interstitial(surface)
+            if inter is not None:  # dismiss a cookie/consent/popup that wasn't demonstrated
+                session.act(inter, "click", None)
+                report.outcomes.append(StepOutcome(
+                    Step(kind="click", role="button", name="(dismiss interstitial)"),
+                    "interstitial", handle=inter))
+            surface = session.perceive()  # re-perceive: the banner is gone / content settled
+            handle, via, value = _resolve_exact(step, surface, ov)
+            tries += 1
+
+        if handle is None and step.kind == "click":  # GENERALISE only after exact retries fail
+            handle, via = await _model_choose(step, surface, model), "model"
+
+        if handle is None:
+            report.outcomes.append(StepOutcome(step, "unresolved", ok=False,
+                                               detail="no resolvable target — escalate"))
+            report.escalated_at = i
+            return report
+
+        session.act(handle, step.kind, value)
+        report.outcomes.append(StepOutcome(step, via, handle=handle, value=value))
+
+    report.completed = True
+    return report

zu_shadow/live.py

@@ -0,0 +1,106 @@
+"""The LIVE recorder binding — real Chromium + a real human, over CDP.
+
+This is the demo/manual half of Shadow: it drives a real browser and watches a real
+human do the task, translating CDP events into the SAME abstract ``RawInput`` items
+the offline recorder consumes. Because the live binding produces the identical
+stream the synthetic tests do, the offline core (recorder → redaction → synthesizer
+→ replay gate) is exercised exactly as it is live — nothing about the live path is
+special-cased downstream.
+
+It is NOT unit-tested offline (it needs a real Chromium + a human), so it sits
+behind the ``live`` extra and this manual entrypoint, guarded so importing it
+without the browser tools fails with an actionable message rather than at runtime.
+The accessibility tree (CDP ``Accessibility.getFullAXTree`` / the §4 locate op) is
+what makes capture SEMANTIC: each interacted node is resolved to its
+``{role, name, label}`` — never a selector or coordinate — before it becomes a
+``RawInput``.
+"""
+
+from __future__ import annotations
+
+from collections.abc import AsyncIterator
+
+from zu_core.bus import EventBus
+
+from .capture import SemanticTarget
+from .recorder import RawInput, RecordedSession, Recorder
+from .redaction import RedactionPolicy
+
+
+def _require_browser() -> None:
+    try:
+        import zu_tools.browser  # noqa: F401
+    except ModuleNotFoundError as exc:  # pragma: no cover - live-only path
+        raise RuntimeError(
+            "the live Shadow recorder needs the browser tools: pip install 'zu-shadow[live]'. "
+            "The offline core (synthetic stream → recorder → synthesizer → gate) needs none."
+        ) from exc
+
+
+def ax_node_to_target(node: dict) -> SemanticTarget:
+    """Resolve one CDP accessibility node to a SEMANTIC target — its role, accessible
+    name, and label. The single place selectors/coordinates are deliberately DROPPED
+    (a live click's pixel position never becomes part of the record)."""
+    name = str(node.get("name", "") or "")
+    return SemanticTarget(
+        role=str(node.get("role", "") or "generic"),
+        name=name,
+        label=str(node.get("label", "") or name),
+    )
+
+
+async def record_live(  # pragma: no cover - live-only, manual entrypoint
+    cdp_events: AsyncIterator[dict],
+    *,
+    site: str,
+    bus: EventBus | None = None,
+    policy: RedactionPolicy | None = None,
+) -> RecordedSession:
+    """Drive a live recording from a stream of CDP events. Translates each CDP event
+    into a ``RawInput`` (resolving interacted nodes to semantic targets via the AX
+    tree) and folds it through the SAME :class:`Recorder` the offline path uses, so
+    redaction-before-append holds identically on a live session.
+
+    Manual entrypoint: requires the browser tools and a real CDP source. Wire a real
+    Chromium target's CDP feed as ``cdp_events`` (e.g. via ``zu_tools.browser``).
+    """
+    _require_browser()
+    bus = bus or EventBus()
+    recorder = Recorder(bus, site=site, policy=policy)
+    await recorder.start()
+    async for cdp in cdp_events:
+        item = _cdp_to_raw(cdp)
+        if item is not None:
+            await recorder.record(item)
+    await recorder.end()
+    events = await bus.query()
+    return RecordedSession(site=site, events=list(events))
+
+
+def _cdp_to_raw(cdp: dict) -> RawInput | None:
+    """Map one CDP event to a ``RawInput`` (or None to skip). Mirrors the abstract
+    kinds the offline stream uses; the live CDP method names are translated here so
+    the rest of Shadow never sees CDP."""
+    method = cdp.get("method", "")
+    params = cdp.get("params", {}) or {}
+    if method == "Input.dispatchMouseEvent" and params.get("type") == "mousePressed":
+        node = params.get("ax_node", {})
+        return RawInput(kind="click", target=ax_node_to_target(node),
+                        intent=params.get("intent"))
+    if method == "Input.insertText":
+        node = params.get("ax_node", {})
+        return RawInput(kind="type", target=ax_node_to_target(node),
+                        value=params.get("text", ""), intent=params.get("intent"))
+    if method == "Page.navigate":
+        return RawInput(kind="navigate", url=params.get("url", ""),
+                        intent=params.get("intent"))
+    if method == "Page.frameStoppedLoading" or method == "Page.loadEventFired":
+        return RawInput(kind="page", url=params.get("url", ""), title=params.get("title", ""))
+    if method == "Network.responseReceived":
+        resp = params.get("response", {}) or {}
+        url = resp.get("url", "")
+        from urllib.parse import urlsplit
+
+        return RawInput(kind="network", url=url, status=int(resp.get("status", 0)),
+                        host=urlsplit(url).hostname or "")
+    return None