From f8a2664189b5fcd1443589f275bd33ab5814ae3e Mon Sep 17 00:00:00 2001 From: dk Date: Wed, 27 May 2026 11:30:52 -0700 Subject: [PATCH 1/8] docs: add Microsoft Entra ID setup guide (GRO-96) New page at /guides/user-sources/microsoft-entra-id/ walks through registering an Entra ID app for use as a User Source: app registration, redirect URL, client secret, openid permission, then the value mapping into Arcade's User Source form. Audience is an admin who isn't an OIDC expert. The page uses only the four terms shared with Arcade's User Source form (issuer URL, client ID, client secret, subject claim); plain-English everywhere else, with explicit mappings between Entra labels and Arcade fields. Includes: - single-directory vs any-directory choice framed in plain terms, with the corresponding issuer URL variant for each - recommendation to use `oid` for the subject claim, with the one-line reason - PKCE note (Entra accepts it automatically; no extra setting) - note that certificate credentials aren't supported today - TODO screenshot placeholders at the natural spots in the Steps block Add Entra and Entra ID to the Arcade Vale vocabulary. Co-Authored-By: Claude Opus 4.7 (1M context) --- app/en/guides/user-sources/_meta.tsx | 6 +- .../user-sources/microsoft-entra-id/page.mdx | 99 +++++++++++++++++++ styles/config/vocabularies/Arcade/accept.txt | 2 + 3 files changed, 106 insertions(+), 1 deletion(-) create mode 100644 app/en/guides/user-sources/microsoft-entra-id/page.mdx diff --git a/app/en/guides/user-sources/_meta.tsx b/app/en/guides/user-sources/_meta.tsx index d8e563d9e..b00952006 100644 --- a/app/en/guides/user-sources/_meta.tsx +++ b/app/en/guides/user-sources/_meta.tsx @@ -1,5 +1,9 @@ import type { MetaRecord } from "nextra"; -export const meta: MetaRecord = {}; +export const meta: MetaRecord = { + "microsoft-entra-id": { + title: "Microsoft Entra ID", + }, +}; export default meta; diff --git a/app/en/guides/user-sources/microsoft-entra-id/page.mdx b/app/en/guides/user-sources/microsoft-entra-id/page.mdx new file mode 100644 index 000000000..827226fe2 --- /dev/null +++ b/app/en/guides/user-sources/microsoft-entra-id/page.mdx @@ -0,0 +1,99 @@ +--- +title: "Microsoft Entra ID" +description: "Use Microsoft Entra ID as a User Source so people who already sign in with Microsoft work or school accounts can sign in to your MCP Gateways" +--- + +import { Callout, Steps } from "nextra/components"; + +# Microsoft Entra ID + +Use Microsoft Entra ID as a User Source so the people who already sign in with their Microsoft work or school account can sign in to your MCP Gateways. This guide walks you through what to do in the Microsoft Entra admin center. Once you have the values it tells you to copy, [create the User Source in Arcade](/guides/user-sources#create-a-user-source). + +## Before you start + +- An account with one of these roles in your Microsoft Entra tenant: **Cloud Application Administrator** or **Application Administrator**. +- An Arcade project where you'll create the User Source. + +## Register an app in Microsoft Entra ID + + + +### Open the Entra admin center + +Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) with one of the roles listed above. + +Go to **Entra ID** → **App registrations** → **New registration**. + +{/* TODO: screenshot — App registrations → New registration */} + +### Name the app and choose who can sign in + +Give the app a name your team will recognize, for example `Arcade MCP Gateways`. + +Under **Supported account types**, choose one: + +- **Accounts in this organizational directory only** — only people in your own Microsoft Entra directory can sign in. Pick this unless you specifically need to accept users from other directories. +- **Accounts in any organizational directory** — people in any Microsoft Entra directory can sign in. Pick this only if you have agents that serve users from organizations you don't control. + +Your choice affects the **Issuer URL** you'll copy into Arcade later, so make a note of which option you picked. + +{/* TODO: screenshot — Supported account types radio + Redirect URI fields */} + +### Add the Arcade redirect URL + +In the **Redirect URI** section, select the **Web** platform and paste this URL: + +``` +https://cloud.arcade.dev/oauth2/intermediate_callback +``` + +Click **Register**. Entra creates the app and opens its **Overview** page. + +### Create a client secret + +In the new app's left menu, go to **Certificates & secrets** → **Client secrets** → **New client secret**. + +Add a description (for example, `Arcade User Source`) and pick an expiration period. Click **Add**. + +Copy the **Value** column immediately and keep it somewhere safe — Entra hides it as soon as you leave the page. You'll paste this into Arcade as the **Client Secret**. + +{/* TODO: screenshot — Client secret created, with the Value field circled */} + + +Arcade currently supports client secrets only, not certificate credentials. We'll add certificate support in a future release. + + +### Allow the openid permission + +In the app's left menu, go to **API permissions**. + +Microsoft adds `User.Read` for you by default — leave it alone. Then click **Add a permission** → **Microsoft Graph** → **Delegated permissions** and check **openid**. Click **Add permissions**. + +`openid` is the only permission Arcade needs. You can optionally add `profile` and `email` if you want Entra to include those claims in the token; Arcade doesn't require them today. + +{/* TODO: screenshot — API permissions screen with openid checked */} + + + +## Copy these values to Arcade + +Open the app's **Overview** page in Entra and copy these values into Arcade's User Source form: + +| Arcade field | Where to find it in Entra ID | +|---|---| +| **Issuer URL** | `https://login.microsoftonline.com/{tenant-id}/v2.0` if you picked the single-directory option, or `https://login.microsoftonline.com/common/v2.0` if you picked the any-directory option. `{tenant-id}` is the **Directory (tenant) ID** field on the Overview page. | +| **Client ID** | The **Application (client) ID** field on the Overview page. | +| **Client Secret** | The value you copied when you created the client secret. | +| **Subject Claim** | Use `oid`. Entra keeps `oid` stable even if the person renames their account or changes their email, which makes it a better long-term identifier than the default `sub`. | + +## Create the User Source in Arcade + +Open the [User Sources dashboard](https://cloud.arcade.dev/dashboard/user-sources), click **Create User Source**, and paste the values from the table above. For a walkthrough of the form, see [Create a User Source](/guides/user-sources#create-a-user-source) in the User Sources overview. + +Once the User Source is active, attach it to an MCP Gateway by following [Create via Dashboard](/guides/mcp-gateways/create-via-dashboard) and picking **User Source** under "Non-Arcade Users" in the gateway form. + +## Notes + +- **PKCE**: Arcade always uses PKCE when authenticating end users. Entra ID accepts PKCE automatically on the **Web** platform, so you don't need to change any Entra setting. +- **Client secret rotation**: Entra client secrets expire. Rotate yours before the expiration date. See [Rotate the client secret](/guides/user-sources#rotate-the-client-secret) in the User Sources guide for how. +- **Single-directory recommendation**: If you're not sure which "Supported account types" option to pick, choose the single-directory one. You can change it later only by registering a new app, so the safe default is the narrower scope. diff --git a/styles/config/vocabularies/Arcade/accept.txt b/styles/config/vocabularies/Arcade/accept.txt index 8df6d97e9..ae9fd68db 100644 --- a/styles/config/vocabularies/Arcade/accept.txt +++ b/styles/config/vocabularies/Arcade/accept.txt @@ -3,6 +3,8 @@ Arcade MCP User Source User Sources +Entra +Entra ID LLM SDK API From ca7e40fc5e5f11dc77368267cebc6068a62907cb Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 27 May 2026 18:32:19 +0000 Subject: [PATCH 2/8] =?UTF-8?q?=F0=9F=A4=96=20Regenerate=20LLMs.txt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- public/llms.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/public/llms.txt b/public/llms.txt index df69c6d45..26525c857 100644 --- a/public/llms.txt +++ b/public/llms.txt @@ -1,4 +1,4 @@ - + # Arcade @@ -112,6 +112,7 @@ Arcade delivers three core capabilities: Deploy agents even your security team w - [How Hooks Work](https://docs.arcade.dev/en/guides/contextual-access/how-hooks-work): This documentation page provides a comprehensive overview of how to configure and utilize hook points within the Arcade platform, detailing the execution order, extensions, and handling of failures. Users will learn how to implement access, pre-execution, and post-execution hooks to - [In Custom Applications](https://docs.arcade.dev/en/guides/tool-calling/custom-apps): This documentation page provides guidance on integrating Arcade tools into custom applications, focusing on user authentication, authorization status checks, and retrieving tool definitions. It is designed to assist developers in creating their own tool-calling interfaces effectively. - [MCP Gateways](https://docs.arcade.dev/en/guides/mcp-gateways): The MCP Gateways documentation provides users with guidance on connecting multiple MCP servers to their agents, applications, or IDEs, enabling the federation of tools for streamlined management and access. It outlines the benefits of using MCP Gateways, including simplified configuration and customizable +- [Microsoft Entra ID](https://docs.arcade.dev/en/guides/user-sources/microsoft-entra-id): Documentation page - [Migrate from toolkits to MCP servers](https://docs.arcade.dev/en/guides/create-tools/migrate-toolkits): This documentation page provides a comprehensive guide for users looking to migrate their existing Arcade toolkits to the new MCP Server framework. It outlines necessary changes in terminology, package updates, and detailed steps for updating dependencies, imports, and entrypoint files to ensure a - [On-premise MCP Servers](https://docs.arcade.dev/en/guides/deployment-hosting/on-prem): This documentation page guides users on how to deploy on-premises MCP servers within a hybrid architecture, allowing them to utilize Arcade's cloud infrastructure while maintaining control over their local environment. Users will learn to set up their MCP server, create secure tunnels for public - [Organize your MCP server and tools](https://docs.arcade.dev/en/guides/create-tools/tool-basics/organize-mcp-tools): This documentation page provides best practices for organizing your MCP server and tools, including how to define and import tools from separate files and other packages. Users will learn to maintain a clean project structure, enhance code readability, and effectively utilize decorators for tool management. From 95a40f7b28dd832a2b0d0745b31769b176a5ba19 Mon Sep 17 00:00:00 2001 From: dk Date: Wed, 27 May 2026 11:37:12 -0700 Subject: [PATCH 3/8] docs: address style review on Entra ID guide; rename section index to Overview - Drop spaces around em-dashes (Google.EmDash) in 4 screenshot TODO comments and 2 prose spots (Client Secret note, openid permission note); rewrote the User.Read sentence with a semicolon for clarity - Drop the "We'll add certificate support" sentence (Google.We); the surrounding sentence already conveys the limitation - Rename the User Sources section index to "Overview" in the sidebar via the user-sources _meta.tsx so the section reads: User Sources Overview Microsoft Entra ID Co-Authored-By: Claude Opus 4.7 (1M context) --- app/en/guides/user-sources/_meta.tsx | 3 +++ .../user-sources/microsoft-entra-id/page.mdx | 14 +++++++------- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/app/en/guides/user-sources/_meta.tsx b/app/en/guides/user-sources/_meta.tsx index b00952006..1e40bc16f 100644 --- a/app/en/guides/user-sources/_meta.tsx +++ b/app/en/guides/user-sources/_meta.tsx @@ -1,6 +1,9 @@ import type { MetaRecord } from "nextra"; export const meta: MetaRecord = { + index: { + title: "Overview", + }, "microsoft-entra-id": { title: "Microsoft Entra ID", }, diff --git a/app/en/guides/user-sources/microsoft-entra-id/page.mdx b/app/en/guides/user-sources/microsoft-entra-id/page.mdx index 827226fe2..de98d4f94 100644 --- a/app/en/guides/user-sources/microsoft-entra-id/page.mdx +++ b/app/en/guides/user-sources/microsoft-entra-id/page.mdx @@ -24,7 +24,7 @@ Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) with Go to **Entra ID** → **App registrations** → **New registration**. -{/* TODO: screenshot — App registrations → New registration */} +{/* TODO: screenshot—App registrations → New registration */} ### Name the app and choose who can sign in @@ -37,7 +37,7 @@ Under **Supported account types**, choose one: Your choice affects the **Issuer URL** you'll copy into Arcade later, so make a note of which option you picked. -{/* TODO: screenshot — Supported account types radio + Redirect URI fields */} +{/* TODO: screenshot—Supported account types radio + Redirect URI fields */} ### Add the Arcade redirect URL @@ -55,23 +55,23 @@ In the new app's left menu, go to **Certificates & secrets** → **Client secret Add a description (for example, `Arcade User Source`) and pick an expiration period. Click **Add**. -Copy the **Value** column immediately and keep it somewhere safe — Entra hides it as soon as you leave the page. You'll paste this into Arcade as the **Client Secret**. +Copy the **Value** column immediately and keep it somewhere safe—Entra hides it as soon as you leave the page. You'll paste this into Arcade as the **Client Secret**. -{/* TODO: screenshot — Client secret created, with the Value field circled */} +{/* TODO: screenshot—Client secret created, with the Value field circled */} -Arcade currently supports client secrets only, not certificate credentials. We'll add certificate support in a future release. +Arcade currently supports client secrets only, not certificate credentials. ### Allow the openid permission In the app's left menu, go to **API permissions**. -Microsoft adds `User.Read` for you by default — leave it alone. Then click **Add a permission** → **Microsoft Graph** → **Delegated permissions** and check **openid**. Click **Add permissions**. +Microsoft adds `User.Read` for you by default; leave it alone. Then click **Add a permission** → **Microsoft Graph** → **Delegated permissions** and check **openid**. Click **Add permissions**. `openid` is the only permission Arcade needs. You can optionally add `profile` and `email` if you want Entra to include those claims in the token; Arcade doesn't require them today. -{/* TODO: screenshot — API permissions screen with openid checked */} +{/* TODO: screenshot—API permissions screen with openid checked */} From afae4cdb9a4cf0c3243975cadff5bba0b07b08ae Mon Sep 17 00:00:00 2001 From: dk Date: Wed, 27 May 2026 11:42:30 -0700 Subject: [PATCH 4/8] docs: skip glossary auto-link on User Source per-provider pages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The remark-glossary plugin auto-links the first occurrence of any Arcade glossary term per paragraph. On per-provider User Source pages (Microsoft Entra ID today, Okta/Auth0/Stytch/Clerk next), terms like "account" and "tenant" appear constantly in the provider's sense — not Arcade's — and the resulting tooltips mislead readers. Exempt /guides/user-sources/*/page.mdx from glossary auto-linking, but keep the User Sources overview (/guides/user-sources/page.mdx) opted in, since that page is where the Arcade-specific concepts get defined. Same path-based skip pattern as the existing /resources/integrations/ exemption. Co-Authored-By: Claude Opus 4.7 (1M context) --- lib/remark-glossary.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lib/remark-glossary.ts b/lib/remark-glossary.ts index c59cc5173..3b87950e6 100644 --- a/lib/remark-glossary.ts +++ b/lib/remark-glossary.ts @@ -34,6 +34,18 @@ export function remarkGlossary(options: RemarkGlossaryOptions) { return; } + // Don't process User Source per-provider pages — they discuss + // Microsoft, Auth0, Okta, etc. concepts (account, tenant, realm) + // that collide with Arcade glossary terms in ways that mislead + // readers. The User Sources overview itself stays opted-in. + const filePath = file.history?.[0]; + if ( + filePath?.includes("/guides/user-sources/") && + !filePath.endsWith("/guides/user-sources/page.mdx") + ) { + return; + } + // Lazy-load and cache glossary terms if (!cachedTerms || cachedGlossaryPath !== glossaryPath) { cachedTerms = sortTermsByLength(parseGlossary(glossaryPath)); From b3c3c463b721cfbd899a4cebfd0ddc3b3b66ee31 Mon Sep 17 00:00:00 2001 From: dk Date: Wed, 27 May 2026 11:53:40 -0700 Subject: [PATCH 5/8] docs: force MDX recompile after glossary plugin change Add an MDX comment to bust Next.js/Vercel's cached MDX compilation for this page. The Vercel build keeps .next/cache across deploys and didn't pick up the lib/remark-glossary.ts skip we added in bdf0f46 because the page source itself hadn't changed. The comment also documents the exemption inline for future readers. Co-Authored-By: Claude Opus 4.7 (1M context) --- app/en/guides/user-sources/microsoft-entra-id/page.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/en/guides/user-sources/microsoft-entra-id/page.mdx b/app/en/guides/user-sources/microsoft-entra-id/page.mdx index de98d4f94..380fb86df 100644 --- a/app/en/guides/user-sources/microsoft-entra-id/page.mdx +++ b/app/en/guides/user-sources/microsoft-entra-id/page.mdx @@ -5,6 +5,8 @@ description: "Use Microsoft Entra ID as a User Source so people who already sign import { Callout, Steps } from "nextra/components"; +{/* Exempted from glossary auto-link via lib/remark-glossary.ts; see User Sources overview for the Arcade-specific glossary terms. */} + # Microsoft Entra ID Use Microsoft Entra ID as a User Source so the people who already sign in with their Microsoft work or school account can sign in to your MCP Gateways. This guide walks you through what to do in the Microsoft Entra admin center. Once you have the values it tells you to copy, [create the User Source in Arcade](/guides/user-sources#create-a-user-source). From 5560017b5c57e891c7d2b21a5a4663f9683b325a Mon Sep 17 00:00:00 2001 From: dk Date: Wed, 27 May 2026 14:52:06 -0700 Subject: [PATCH 6/8] docs: match real Entra account-type dropdown labels; fix multi-tenant issuer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Entra portal's "Supported account types" dropdown lists four options, with labels different from what this page had: - Single tenant only — - Multiple Entra ID tenants - Any Entra ID Tenant + Personal Microsoft accounts - Personal accounts only Update the step to name the two workforce-relevant options exactly as they appear in the dropdown, and explicitly steer readers away from the two personal-account variants since they sit outside the workforce identity model User Sources are designed for. Also fix the issuer URL recipe: the previous text used `login.microsoftonline.com/common/v2.0` for the multi-tenant case, but `common` accepts personal Microsoft accounts in addition to work or school accounts. For workforce-only multi-tenant, the correct endpoint is `login.microsoftonline.com/organizations/v2.0`. Update the trailing "Single-directory recommendation" note to reuse the new "Single tenant only" terminology. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../user-sources/microsoft-entra-id/page.mdx | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/app/en/guides/user-sources/microsoft-entra-id/page.mdx b/app/en/guides/user-sources/microsoft-entra-id/page.mdx index 380fb86df..8105a3a4f 100644 --- a/app/en/guides/user-sources/microsoft-entra-id/page.mdx +++ b/app/en/guides/user-sources/microsoft-entra-id/page.mdx @@ -32,14 +32,16 @@ Go to **Entra ID** → **App registrations** → **New registration**. Give the app a name your team will recognize, for example `Arcade MCP Gateways`. -Under **Supported account types**, choose one: +Under **Supported account types**, pick one: -- **Accounts in this organizational directory only** — only people in your own Microsoft Entra directory can sign in. Pick this unless you specifically need to accept users from other directories. -- **Accounts in any organizational directory** — people in any Microsoft Entra directory can sign in. Pick this only if you have agents that serve users from organizations you don't control. +- **Single tenant only — _your tenant name_**: only people in your own Microsoft Entra directory can sign in. Pick this unless you specifically need to accept users from organizations you don't control. +- **Multiple Entra ID tenants**: people with a Microsoft work or school account in any Microsoft Entra directory can sign in. + +Don't pick the **Any Entra ID Tenant + Personal Microsoft accounts** or **Personal accounts only** options. Those include personal consumer accounts (Skype, Xbox, and so on), which sit outside the workforce identity model that User Sources are designed for. Your choice affects the **Issuer URL** you'll copy into Arcade later, so make a note of which option you picked. -{/* TODO: screenshot—Supported account types radio + Redirect URI fields */} +{/* TODO: screenshot—Supported account types dropdown + Redirect URI fields */} ### Add the Arcade redirect URL @@ -83,7 +85,7 @@ Open the app's **Overview** page in Entra and copy these values into Arcade's Us | Arcade field | Where to find it in Entra ID | |---|---| -| **Issuer URL** | `https://login.microsoftonline.com/{tenant-id}/v2.0` if you picked the single-directory option, or `https://login.microsoftonline.com/common/v2.0` if you picked the any-directory option. `{tenant-id}` is the **Directory (tenant) ID** field on the Overview page. | +| **Issuer URL** | `https://login.microsoftonline.com/{tenant-id}/v2.0` if you picked **Single tenant only**, or `https://login.microsoftonline.com/organizations/v2.0` if you picked **Multiple Entra ID tenants**. `{tenant-id}` is the **Directory (tenant) ID** field on the Overview page. | | **Client ID** | The **Application (client) ID** field on the Overview page. | | **Client Secret** | The value you copied when you created the client secret. | | **Subject Claim** | Use `oid`. Entra keeps `oid` stable even if the person renames their account or changes their email, which makes it a better long-term identifier than the default `sub`. | @@ -98,4 +100,4 @@ Once the User Source is active, attach it to an MCP Gateway by following [Create - **PKCE**: Arcade always uses PKCE when authenticating end users. Entra ID accepts PKCE automatically on the **Web** platform, so you don't need to change any Entra setting. - **Client secret rotation**: Entra client secrets expire. Rotate yours before the expiration date. See [Rotate the client secret](/guides/user-sources#rotate-the-client-secret) in the User Sources guide for how. -- **Single-directory recommendation**: If you're not sure which "Supported account types" option to pick, choose the single-directory one. You can change it later only by registering a new app, so the safe default is the narrower scope. +- **Single-tenant recommendation**: If you're not sure which "Supported account types" option to pick, choose **Single tenant only**. You can change it later only by registering a new app, so the safe default is the narrower option. From c34d2091e6d46cfaa33f6520d574f4fc97be901a Mon Sep 17 00:00:00 2001 From: dk Date: Wed, 27 May 2026 15:29:03 -0700 Subject: [PATCH 7/8] docs: wire up Entra screenshots + round-3 copy revisions - Add four light-mode screenshots from the Entra admin center to public/images/user-sources/microsoft-entra-id/ (app registrations list, registration form, client secret value, openid API permission) and replace the TODO MDX comments with elements - Remove the temporary glossary-cache-bust comment; the glossary plugin exemption is documented in lib/remark-glossary.ts - Drop the fenced code block for the redirect URL; inline code on its own line is enough visual emphasis and removes the PLAINTEXT header - Rewrite the Subject Claim cell to explain the real reason `oid` is preferable to `sub` (sub is unique per app registration, so it doesn't trace back to a directory identity) and to `email` (`oid` is durable even if the address changes) - Drop the "Single-tenant recommendation" Note; it was disconnected from where the choice is actually made - Add a "Custom subject claims" Note pointing to Entra's optional claims docs, with the constraint that Arcade can only read claims that land in the ID token Co-Authored-By: Claude Opus 4.7 (1M context) --- .../user-sources/microsoft-entra-id/page.mdx | 47 ++++++++++++++---- .../entra-api-permissions-light.png | Bin 0 -> 250302 bytes .../entra-app-registration-light.png | Bin 0 -> 227188 bytes .../entra-client-secret-light.png | Bin 0 -> 281454 bytes .../entra-registration-form-light.png | Bin 0 -> 241931 bytes 5 files changed, 36 insertions(+), 11 deletions(-) create mode 100644 public/images/user-sources/microsoft-entra-id/entra-api-permissions-light.png create mode 100644 public/images/user-sources/microsoft-entra-id/entra-app-registration-light.png create mode 100644 public/images/user-sources/microsoft-entra-id/entra-client-secret-light.png create mode 100644 public/images/user-sources/microsoft-entra-id/entra-registration-form-light.png diff --git a/app/en/guides/user-sources/microsoft-entra-id/page.mdx b/app/en/guides/user-sources/microsoft-entra-id/page.mdx index 8105a3a4f..7c1cb7d47 100644 --- a/app/en/guides/user-sources/microsoft-entra-id/page.mdx +++ b/app/en/guides/user-sources/microsoft-entra-id/page.mdx @@ -3,9 +3,12 @@ title: "Microsoft Entra ID" description: "Use Microsoft Entra ID as a User Source so people who already sign in with Microsoft work or school accounts can sign in to your MCP Gateways" --- +import Image from "next/image"; import { Callout, Steps } from "nextra/components"; -{/* Exempted from glossary auto-link via lib/remark-glossary.ts; see User Sources overview for the Arcade-specific glossary terms. */} +export const IMAGE_SCALE_FACTOR = 1.5; +export const ENTRA_SCREENSHOT_WIDTH = 1312 / IMAGE_SCALE_FACTOR; +export const ENTRA_SCREENSHOT_HEIGHT = 849 / IMAGE_SCALE_FACTOR; # Microsoft Entra ID @@ -26,7 +29,13 @@ Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) with Go to **Entra ID** → **App registrations** → **New registration**. -{/* TODO: screenshot—App registrations → New registration */} +App registrations page in the Microsoft Entra admin center, with the New registration button highlighted ### Name the app and choose who can sign in @@ -41,18 +50,22 @@ Don't pick the **Any Entra ID Tenant + Personal Microsoft accounts** or **Person Your choice affects the **Issuer URL** you'll copy into Arcade later, so make a note of which option you picked. -{/* TODO: screenshot—Supported account types dropdown + Redirect URI fields */} - ### Add the Arcade redirect URL In the **Redirect URI** section, select the **Web** platform and paste this URL: -``` -https://cloud.arcade.dev/oauth2/intermediate_callback -``` +`https://cloud.arcade.dev/oauth2/intermediate_callback` Click **Register**. Entra creates the app and opens its **Overview** page. +Register an application form with Name, Supported account types, and Redirect URI filled in + ### Create a client secret In the new app's left menu, go to **Certificates & secrets** → **Client secrets** → **New client secret**. @@ -61,7 +74,13 @@ Add a description (for example, `Arcade User Source`) and pick an expiration per Copy the **Value** column immediately and keep it somewhere safe—Entra hides it as soon as you leave the page. You'll paste this into Arcade as the **Client Secret**. -{/* TODO: screenshot—Client secret created, with the Value field circled */} +Certificates and secrets page with a newly created client secret, with the Value field highlighted Arcade currently supports client secrets only, not certificate credentials. @@ -75,7 +94,13 @@ Microsoft adds `User.Read` for you by default; leave it alone. Then click **Add `openid` is the only permission Arcade needs. You can optionally add `profile` and `email` if you want Entra to include those claims in the token; Arcade doesn't require them today. -{/* TODO: screenshot—API permissions screen with openid checked */} +Request API permissions panel with the openid OpenID permission checked @@ -88,7 +113,7 @@ Open the app's **Overview** page in Entra and copy these values into Arcade's Us | **Issuer URL** | `https://login.microsoftonline.com/{tenant-id}/v2.0` if you picked **Single tenant only**, or `https://login.microsoftonline.com/organizations/v2.0` if you picked **Multiple Entra ID tenants**. `{tenant-id}` is the **Directory (tenant) ID** field on the Overview page. | | **Client ID** | The **Application (client) ID** field on the Overview page. | | **Client Secret** | The value you copied when you created the client secret. | -| **Subject Claim** | Use `oid`. Entra keeps `oid` stable even if the person renames their account or changes their email, which makes it a better long-term identifier than the default `sub`. | +| **Subject Claim** | Use `oid`. The default `sub` is unique per app registration, which makes it harder to trace a signed-in user back to their identity in your Entra directory. `oid` is the same identifier across your directory. It's also a better choice than `email`, because `oid` stays the same if the person's email address ever changes. | ## Create the User Source in Arcade @@ -100,4 +125,4 @@ Once the User Source is active, attach it to an MCP Gateway by following [Create - **PKCE**: Arcade always uses PKCE when authenticating end users. Entra ID accepts PKCE automatically on the **Web** platform, so you don't need to change any Entra setting. - **Client secret rotation**: Entra client secrets expire. Rotate yours before the expiration date. See [Rotate the client secret](/guides/user-sources#rotate-the-client-secret) in the User Sources guide for how. -- **Single-tenant recommendation**: If you're not sure which "Supported account types" option to pick, choose **Single tenant only**. You can change it later only by registering a new app, so the safe default is the narrower option. +- **Custom subject claims**: If you need Arcade to identify end users by a value other than `oid`, configure that value as an [optional claim](https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims#configure-optional-claims-in-your-application) on Entra's ID token, then set the User Source's **Subject Claim** to its name. Arcade can read any claim that ends up in the ID token; it doesn't have access to access tokens or other token types. diff --git a/public/images/user-sources/microsoft-entra-id/entra-api-permissions-light.png b/public/images/user-sources/microsoft-entra-id/entra-api-permissions-light.png new file mode 100644 index 0000000000000000000000000000000000000000..4a2d0931a52bf073c9e82f109b3c55419245cd5f GIT binary patch literal 250302 zcmeFZc|4Tu`!KBBQVDg-62laCsqB?(!_=*k$Ryd936T&pCNT_?gi1`ZCT5BxS;m@u zWF1RP)=~CljCC+$491Li+~4nSd7t0?{Qh{~=UqO}=j-#CYdOzjIj`e9&f_|k^YY@B znUU~8>4SWHe8R@puiWP26FAPt$8WxWAFqW`{X2w@?_j|LL&ICfhK9#)`T4p(@OIBj7yj{!0#4jjI*|G?$?SmlCoyTeB=yIoF} zKUg5}y6kwypoBnkfl%@1(+e(_@7y5>0vc%6qyWUs@K|Lfg4&h#7Qq$eD>kq{Z5l<{ z(|Y(`bOQ%8R|H>uG;H!@&(SA>BHvzi9ua!`;lpLVBAuN8HcaqRFE?rPQ9hcpQU%-dcGJHoHF8N;l3QJu+VJdz?SRSO?*>?UFw!rXan%lgo z*}V$Mh8DhYWACr0kMX^c{XLrsdlRSo@%pp;-y8^h6MLVHoI7`}a(}=H?^o0Nk6;T( z*SAg5r|bGn69(>;#Aku3laDn9GnyM7J*Mp-0XswIdQKv|q)vn<$kRoQYNY+#>$2VU z-LQQv1vp1U(M-9AvafGv&ZH=;zr?x1gMRaht@K{L^dNn0{JoCZB>M(p<7Zy0&diGt z`5BvpW2%l?#?#Gdu3tR}g2r|U7qAVk#tYP}D=pvQB4AycU-oua#!<1!7gXOoGhsD| zZ6Lew3rhM?hgPBMUH6Tt?%7wiOh{q+V_?X)H2j&^#Pt>mlKq`}#h4NC6WdevZ0LAC3}>#ojgs?_b_TXV-g74!c|m3qdf+A82OO*90_ZrrT9a(GY8p4OTC@7U4T z)}Pd^n;>RwpU%fw6EjPG14Iivl2MWo>cxfKxt=E(3b!KlRL*tZR z6lQ4erRnd)Lu-7m5qrn|q>SX--^O&-XdXJgSLc$zmrFvkdtC2|c)#X4JP};kv*-G9 z+;I_Qe!%O!=br4(@YRzIC6=C7;)#M}Lbjgx}hmaOlAC1Etcx_KO>yyd`i) zSo0FtF#A2@hxlj7DpBD-6@J*yo`3b!SY3SJnXt1-%AWHRm$ZL(I;hxa3zKu;^Nr}3 zkls)q-iwRE*K=0*whzh~?MXQFGP39L+f1p`YIpXZl}mi~`-g#ym$%$LOWzUuBHJHR z6(M~oCd1%Ek;lQ**o#Kh?>XJ(9wNFzwGy=gj$s8xZ2y)mYOybSyJWqfy({ zCdJ0|oV&oM!xoV_&1p>zO>3@^8o)vuWnr&p{!Lr1Q-wK$mV+vTA%pJTf?p-|p2-p? zU|+P)rzxraMr?7LItUMjMZu}CkP7EvqnblbGQQ!gX5y5<1`2hIdzhZkzH-@o?X=TT5jO?Oaf-ZK z%F8TibKAZVe@|Y`qSn67;S4wJ6Z8vqp z(%mViCL+@7Xj+u1mx+6_`&GZhe6i?v z?9-XQI#28adVG`qBt0RWdqKp*fhsjkP>PhRad9U;3YA^lAjsCO!y1AMeH@hGA z&Uhtz;(9}ktuxNg&8_(bNrspj84{sJ85a4yndfu7KFVah!w==LZ7`pSKTLX*`WO0S zddUOOk9Br+<~w0~>Yq5jb}1ZsKXkX@N2_`ZEZ#YHLP$YeA;}zTp4qM7T3l2OPlCs+ zJ`~G4(D+B^JzU#Oi^0Cp3(ciHYmvviXYRIW4c#B8<}3O3Anfkt&ZpHge;_^~W09Gg z?*%<jj?x`X|e>2yQhLkq(~@U#oSiIV-_@IXfjgK^v-lxqV%kM%l#RonOOWPY!MU zDkyna65@K_omevD8$iOk)U}4jhh%fC1&svb4C5Q0XA)eWPB{^)51my=D2jmpJTNsq zSK2jK+N*e9km^l!?Lt?jRDY}l_#umac%1N^sE;r#s4DO#dy@BPRoOos!uashbZOo! zX;!vekema?4ns8+b3e;aXOv|pX16jvQlBN4kfre=z6s^HfVcn*CIgZHi6DtV9mnpC zT^rK?2iIAK%5tT4F73#218h^3MRLP5CB~%+PrX-qeN^g*&5?}@trxBz?IY}WI$G#K z%`mFpSO0W;;PBywgFlbawfjzAP+Ch?_qOq{aT_dwEv)oUj2uaLPB{`KZ*V2(nol%J z$_;Sx#r&(JXs6#t4(lJ8lC}8#{9&(S)u-0&((C}>0u?z)pe$4dOc=bsTF~5RvY32S zwX&qoW3D~RIw?oR1p3&$a@cR3K6N1FS;{lR1JJ<}i_+_X@=9>uNhxA<$vei&g?bfA z?1}^OWDV80!1$!G+8f9CfK!-{71;?{ujsWK;@es|+#Jgsu?Hs}_&>0i)0pc#w(;uO zD~r8XFQ>j&vQR>}x#NGB+MEWo`gQ$E)I4?YX#dL-tGD6y7sZd5kWaR}S^gtj$44ho z2WWi-uT8k^oOPGNbm$%KtRyi|j8MA>r)Jy!O1t~a$o_Dz6t6GjKfT1rj|+P3tqXku zYsa>>gqwsP$b@#5x2v_G>onY5gTvhGx1N4j-X?e{C#W11A03%4&Y2HhV{I=7UmWro zE!ng`QapjNElF!Ph>nSNl;#)>LgB91|Eannx zaO_T&t)&BV(};^8e&2lKLbWtN zMq1(Ya_4@RLcOQ|hudb98ffSUUsDr&Mv6 z@pZp;f{KYBvMG^MF<;-AX$=KSu49)F%X;Vz_CVH9-Vk{!oE^M;Wu!77plu{9csN*% zmOX}M9H-V#H!?Bmn3r-LVAbG^)sHh;@nflifPGzuf<&Fr(yMC|hwsn!FHeru9g+ko zfR%y^I5iUyozcAt1O+XqYN*ckjSWw~(iPDN@H*jQXvic41IA;TV}X>rlikT zSFs*1>k$o!I8^I~x{mppIn$M+*pf{nY2a{>f{mx_+uZ(XFLwDiU(Ba-pFTbFJ`#NG z;QQBm6i@D1`6|Na2jEM1_dL`Flv{NFP%1|?<-`gu&?<@~mEjPZFL>APPn9dEcY=Id zvV5)bp?1<&gZKsqtaNAAR$e{EeLarg`y<`T+)QJ9Y%s52$7F10F|2fcY#YpX+jjp6 z^$%svJO|dw&BoaM=1sn{yzBjZd!ioj{l>f6!~03|emp<-O(dTn@BBOOcjf)wf9n-E z{+|EeuKCS(0WVt^8XNP@7OsA7ZaxSP-$$>W+@SMFkssW#d1Q0bRM*w_p{nyeUl%vk zz=yD16h2U(F7NW8+au@Wfe*cX5W0c-@_#|-@~(HA)#Q)=1@g#CU*6{Ct>cEies0Gv zs;aB1%Nra#e*8Gd@1DEv?JL**iO##zm-l$|2&Sv177!4i8gO3K*YCcXhK`Pon)*4l zbLUie5Gn|y&m-qR6(5AcKZyJrohxn#SHB0aM-O~`j_=ZScJcLpq%SYO%jn<#{xMFs zzz6@q$p`Vz$KpMp+HQ}UhN`;SztiTSf_7VVZ#@Wf^R~V6;2}>uJRSzx7j!^>!T*<@ z|KRwaFm3(=Q{%kGx&Ms%pSu1>R7-@LpP}zV9?wSx|1mZHME=j6|3n0-?LPW{62(8{ z{8uYa&;|!VYX3fI1_zB_FYpxO5})yv%Xb3zEY=?AyLaD`wzCcrHP)Sb^!vFtX8T{O zdmi2+c*XoT$3tePXDx4~CGmGznU_7~Db0L^cgFa)ebZcj0rw1wspot(bpgE#d5Vcw zQWsOXf7@bApS1JVLnl79udd*mX=$4A%@7u7=l(AA?VYN)<$J5q9U>(ea39Cn-hj>1?n5 z%mKkeCQ!_XqMCi9m(;MG$RQIn?+yaN*h>ZGi%KPh%2h+KSh;fb6+581G6(b+2h!K~ zaUL%-xNEb8Tr@xi1r0ZR^9uP^xW*U^p|7n~M1+yIo;c4@c?{;};6nU(=AOnLk}IpN zw|7cnpVI<=WEPG{i_gv`svN4>We@%r!~Z8l3LaX&x2Q2hOyhLP3w%O6ec6$J$~-^W zm1Y5{OHpWf2|hsHbP88n@Opz?QJk3Je%37X_;lKneHP@_Fi9 zti_p=fz!uVT!1e0l^j+L6(kx3`lpa^T$|O(u(lpSp^LG*Y?7H*>+I44V<8Rx2F$yI z#_IthpWIi-V=!JO z!w`a;kDBe%+BdP1cK%?Lmd{SB!hptRI|qX{`v@_SEH&W>-e_VR2q~Ps0@zeZx7QAt zm0`yb8x&%<2Mkow4Ax>et*#SCj6%I|5@x`ymeA>W&_(b2wkrtvRU?X%v%(xQ#w@F0|6!CDW_P^$C#!XXlKLX1;0Q(oy4JSRqwwdNBk2w5BfB!vHCd?h-fJNoVd(J0Ah8>>@dA+byj9b z6*@fxKMZ|o+TT>>mtQZN`89FjT|mI}M5f*VPK>(cG#=ZHPwe0b9(*qv^g-_;6U@~& zx7)0YjEwzoUn#pr0=Ze>Kd*N6ljo#e<-mBX`A|Evvs#b7(k;6{dVvU0gAr%R?G!G* zzz@ONAF}VZsBBT{Q=Agljz8cPBPX$g3?*EuX#7MP;(KLi!T+_9J^r+nYZlF2 ztvq&5kOlJ$K9DJaCElI?V+UZh81vTzj*sJLFCPc4$=UnMJ82q;pezc|We{WS!tu8b;&SrX+TAWt;) zhfoK>W~(Z~1ZYdYTM52#DF1@r(hr+MFm>gsstCQsw5?3h)alKr-wl;wwudJGV*G$Z z(FHyeB6`%#C7JXWyw5OFM+ohrLt-f$}UV>JLz@lfv zPa(M9=-}dqR~-l@P9m7wPMskKnkp)1mUP-y5dx!BhSZRam#7isT#Iqt@KH!6*uY0f9Krd@Qw7=EpU>D#hXt#l z^0aB$Tz+xK_&w)pAe?OM`P-2U_s>1wqU}B?St+yTrUomp?G{?GCeXYM9RZwCk^M~0ZCW`+9SnPId;b5U|dgN=sTuto(T z$`z&$S(cvRB!Y)WzJL|5#_Iq@uGm!GH|*)J12GZmtZWqvBFj4|9cD~g<^Y(N#I z9w^GgS%h{~ijGx|3V}&=A7*;4lqb1s-gHE;yc{lAi-4IxPwbXx+4%MZ=tL5e(M!@{ zP3Vz>C#aiReIOo!L>f3vv8g!JY*UA7fT9MeZHpnf4}90DmHqGuB}FLl30|rWfvJUb z-0!w1+Q{43P!KIp4qaO9g;;^MuH=G@hJ0t4-tT z31p#5LbT)3qe3jPGcATQt8)6aPRc=dWgC+p<_}E435el_)W_48 zjZ|rW!WG&^iSPU6&#aEY^DN&T_U~mkb|L0b?JS-qM)Po}CeyKCwmX%Baiw!cSW~cq z(E$C&PMuL>?aiB_wdtZW1B`A-NHkjExu8b~*O2zA$U!rp1puR5LjK9TvU<%DF1v|E|>m`fhO zVbiY3CnB3m^ipv2%>9%e*iaT|Fx{Al=M5on9$j;>C+n-{uNR6AN=)GF`{2^OCm!cI zV9|#8KlXKIoK(wg-jr~qjQ=${5EJYqGk4owbE!$JpqX(3Sb$P-DQ~dYnJSA@Ewk)3 z15McF>|7EYskTaUy{G>eiXfmR}#;_Xlrg|KH6 z<+4K@f{$l2E+c9{&LCr5cfZhW4O09pfTa(4n2+~Ni-rj6@6vLyl?buZsK`T%1c(Ih zM~vyv%D28fV7^zK(SM8!?e0;WY|5AGYpx;Ede!WeJ7mHC4)G}U-<;|t095Pl=$lCh+B+wtzX(n%7WHk&eN@9!v z?_uhEnPGGK0+IUItw z!#rb>m?g%wSYi*>Y2$qUBD3_rI}>>vM7R(Mm z*Pse*Xq$-IcButjvG3>w`w=Iw$#}~JaOr z$_C(SyoE58#>o89{4EJA8xrDks{afVcy>Is5`53Je-OUuG{rrQrPj1?B#8gI`ClW0 za3EE*saUz9xQwD1`aw#+rb`1Av}K?nnC;%2ZkEq*tuxnIm$K}gY)Z9|CV{i6Azv$> z-Mebe`~%*Wr~NV{E+9>=2tNjyhsQTPBX zdvbRAE)wm$_9liiu8XJSCJmdj1`m+hj0pn)Rcy9g5m0CGBL--|xn}G4aK9FPb1SU&}YuuXy$vR40OVLzY2ga;trNLY_?KI@xHwIItR(oWW zzA}!M`>nJrE$G)+3t59dZB2R=2?ie|3&nr{E`bfUvE8Bu09&e#9HJ`|r#(NX<7^jO z&x>S#ZPYGISD;8&fj&IXTk%oOTp|@Xe<*+9!WBU*HA7U3R0rDG9v-iOnG&oB+Cjk{9Q#m2&*f=FHE*vwPUaPPYs$*a|*_&u~Db&Mso zh+1z1Z(<2ZzOs?P5n%V)bRr>UNm+7s`Ds&&g4aN^ux)*0-hAMR`cp=)+(a=sC#`c& zX6x>jP?%J}WXF`R@d4ny501??v+vYex}{O2>x#+ z!}qYZBk>q3Bs6uWkINN{!WJvzF-VFhyU{`vZ_Uf3ZA`68V)SdkyaHLVGQ|!9P1^{p z+4%zrH~ZNWuGihs91|SZcy^heXpX|aAdutY`{f@4O(mRAE(*{htLbj9*RnJtDE>%G z+f`uT>XqBFwG)AA8?c04`GWq_Btjo~O_5s5t1LLtLv)C6X3E-XFaJBXC{}Onbpfrq zO9jLvF?fNd#h3y!^+%6aizNPpH(_U*jp-8T5=>X3k-KDx(^R%EVP|IdK=*yYi}!-m zR-1!`lB8YWBlv#ZQ&4?6uSSSL7+Yznq?-`5%M1GsM=ylt^9l>|an!M&!Q45(cv@UP zok0rmTM70HFj{18IPs4?1nrD>^hn|W)La*pz{MQwhW-f{XzW*=6)+gNNMK3Qg0(RY z!$MugMY->_&m+85 zZEhFWn1P$*y@I7Pgf7kt#CG!Hw~^ENttj0kSGt`ULtic=%ulNZI`1%J}fGI4ME?E2Jkh^R}D9{Nr!Hgi2{DhUfmuZa1S zt>)N(?v|HLjc)}0`FtWax;b}g!XI>^3t_5{Li;s@AR#a~62an5yV-LRGOuy}h;|(h zv@{egAI<%WZkjbhC>NTCUsVzS})??4a?r7Sna$sU645b=$1$$NS2PwprBgTdXM7US(1qZf9e9 zc%C_d-0a{zs-tXwS$-QP0Ej!VuWB;6NX zW_qk=iw6H*643c_p%;l?okBQ-xGdVxz(2A-#XX`Y{v#1L!7i?Ir*rPFn4P%kAo)S# zvGQ&nq5N^zEZ~LG4yO%`rthZXh&%bs#DP&0-pzzgWANG3>*cBLE5k3};p;vmd7O^n z`A2DI$`Eb-(uI*bIG8RK=UJPKQYppMj=Kmh*4Mg@3gQSFu~cx);5!@QwB|T`M=F{) z_2Jq8az3|tDj8qnllO}Y`<&bS#ditfyZ(U}r9vuV1YsFkSESaj?q3o*B?Lhdn;BO{ zUfKAY66%}cmh~fw#+`L8P8xg8om@bTmCWe1gc88Wyk!fc;^oxQ;>=axxdJU3hK}1mG}S3 zE(HOfFAHam8m*0fpa7cJ;6s!3B%b=pq+aR#nC)uR*jFd^6mc_kyjt8z5As*eQTS$t zJCbW0H-WtHJhG@RV5?HXAAt=zjiW-b=o%>8tTk2_!%L^cx@=WETpiy{Q|_Yl^cH1K zxc-SAjV}z!O9Ph?zq{gX=Z9P5(n=cAsqA21s>KwNHAm(DE^$q5i_Pu3d(2_WX=Ac* zyqcMYTAJc`vMmq|%A)Jf9^QHY0DeAw#85ky~AM%=apH5d&8|X>hpMv0(cPR_L@Aqw0T%^U5 zb}KlKRAB~vT}RZZ;~iVOPR&2Dc$r|%oWnTkbGpLaE?)IE5nmT3Jv;TQ0%8E=t-9XI zZ=1LDjJ~Dqmd^VY)ch=on?|CTpWzO#B8a?2Pah>O$aguxKqT(kGnpwn6`Q;dV11B8 z%MWZ2y$C}c$ySr{SL~dB0%`d(C6&qXB8nAB<&J8w+784I`m}|Kb!>fMGHSM4Ur4cU zOHQ>$QHiINTUKhIOE#WmYYjae55G4LR%W8W2CFW^Ut-wJ6_%2#70_1-IBlAwYv7dk zuv$z07O%nH{|JWNtWAG06{-=b)z!k`f%6*v1^$0iG6UKQNRV`jl2E1d&2;I)BwjJ= zo^3wo+eBGjpxr3qiD@l{qb&hbw$#{%u>$4uUJix}2J>&XM90uS8b}{LlTSM)GJZ*G zt-C^C%4Pop5Oouec*@w@u_@-d;?dl@tN&30A${lnQgNMnWEf@pg+^fMFR0<|iBzkDoDdRK=bT?Tecqao;Os$uHR~!Uri<-}{bW$2X=7B()%Iffm z_(rqhI?oXEa3;VYSSgkroX+m6%BR#9b`h;(6M2ajuA>&KyW^pXXr#XZ!7r~5%p~i4 z)0v>gu+!9hypZa7jMYR}3NO^**^SMuDgF8}tzjys;olKZJ8ipp?=}{2RBSt>F=SM2 zcz}M_hB~E0Y~StB`MC_%WoZj?wx_fU(=xly;wk$3TKO`aBygxw%~*0PhF4QrNI{*R zt+WGD{4Hc1lxu5Z)5sMNVNPp~U|A6mP(JyiakFIJD_pF0FkH}j2m%N!t5GLS@%*j4 z=9miN7iJKtjZCjWEiE)&gWGfo#AkJ>R4_6~u19GGA)OWE(@f(1SfjLP;6oZX&?nX!ANwAvuP5%W8d}QBso@bWJ}zXQ74Vw{bfQGPdTQ6<5$vo1a`Nd&84M0f^$t90(khmSJGzo|A|0A5DpE3g2tL` zVCC&aYulbzUj+^`M16m_t<_eHVr(qe_9%Q((D)jG`NFc>?DB`!rpvfet3)xx=i)S_ z_4VPrjb9sARJR!8Q~W1IXosl%AvKk#42PaEBAs)+?S#Kr|xtUOoz30{A1Rf_@= z-=?xd<4jC}^Il*3jr2=F_>@t)ZG%+tQ*$FAERXfVp}93#vrQ%0HQrG8ZLM~Nv*#&NNL^XS#df3yqdh$mwUEMg;unb& zFSx3lD+7_M&{n2n8>tmVeTN(Q@wQuJzXlKn0$s1~QD_<0G$Gl=8rWzTotkkqb?j_$ z>iQs>3iaum^^0Jha^OvfdENUu5*ptzQe(U8M6BFWuW@1tgF;q3JQ}G*MHkgXo&6=veiI~ zB|=1P)wj;L*DE|;@Q;N|vrmbMn_i-0LF(Y^EKZ&3t*CyhI1{iRKt!{61B>_`vVT3HIBR?`qFWGJ z>$$`1WIb8X*I(YPkT&uPn}SpV&S>Md5~;499bG!^5J&n`37p+}mFKF5$rp&HR>f|( z@M`c>AYP_R9PJ1%*wCTy9Lp((pdcWsf7d7hslwEkIEyr;P&4ExZ=Xamc2p2rwrhQe z$i~V^>e1a^EN^#3S5`Kw-uf>)1s{d+2sQJ16L?-11~E4mvSJy0F&*vkfw*KB7JddF z5j!pD!5&3^VTLvpS8Xak)m7HhwkE}^QEX^JnP!BbFIG~V5$YyOuFo}R!4A;-2R+f% zJUhkC86Z@Vw=8O1ArX89^*SVh}95oqTYnWjQQU14QbTQ8Fl7(a#1kk7Ot5 zHs=lY!ne#NE8)P6Bi1D8eX1RD^s;f+`g;>WA`Ui9iMh_ad|Cot0LTkP$cXU<`2q)F z{^YD|l*)#Ux@`rPUs3{2@sz4i)~9&Y6Q8y3f?OH)$#jH?)4dbKXNKBAzWZd1! zeouvKjz+kKY&n8*Z8Nh<%0ekk7qxX}fG#!0+9MY5yF<+}wTJ5V9imCtBCv)8R_;Qt zM`TpPxN|d+crdf2NV))|MX`;YP+NGjP(742vNTD192%gPU7bJg)2_1Q6J0%&LHqi? zS_R}uAuagmo{G&yAhQ0ayZ&DvOlvvlv61~Q^0i>>=sK{Bty^7Qy+re=t{VDE`(4+t*zTZqxj+SoTSUXDA@GM*bS;a{BhkL-Fjje2_ zyRJ*yMX%Zp005$w5<_pr8Wo7nCx}UMKU%RLlzGmbzk72DLaS2U%%iQZZ8E6fQ09Dp zb(h|9jZv2lHLW(+3Xd(hH`gN&EvcGDrp$bQt7k1E`&KW27T0JL`@LJ&Z~FOK-=#Os z_oy>Bcpm`VIWB(v?@ro=M}Lf)8yX1*i};sdbr98Yq>09nwd_XS`(5?ng4CsvI`kZN zq*~H@sEWC*V*eGynTP@!_%00On^X@kIW9$24GC5a5&N^NHF90#TJD-xsKY8!fvQ7K~8YO0W1 zc?c{5+j|6Bf!d@qB^@7iHzqp-J+LkI==QH>Eml6>;c~8)^9zb37)FUO%V{5#s{9q5 z8J}YQ`{}bi_$Zv%Q{^w2AwDwG`Hnm$p=@(YLe*h#EJ@YYZvh*^_NiUQ2DfuqW9ZSY zbUm#{m~GjSC2+Njp;6P1?}tncv`9j|Uu=ofUNaOa|Lz!3QAn4_7hQslE!dZ8OFqyNm*$t*j) zk3pGwm)mJ0)$Do&nU6RBZhHQG&g>3)9Ikvc*VE%TZk2?$S^W^DhAvk!EO5VSoE!IrJRHLXl(THWk#SEiD7mgs4Ggam(~Oo* zo0uUqn68hn0V!pmBsHw-WZ^Z+IH1Hk@KDMJL!e0PMZh8C#D)#gj!;pRQx}=o=Mqum zg0-tCR=Hs2$2SJ_!Rs{~WUHYuyV&CP_ zy4tx<@4AM{eaE2wH+NP&T!EL)dE7Y&MX2w4a!5p0h5{U!O!*+HnTojzEQZnV7HfWI z+=SK*fb2~KKQ!03&PzmvPkLOHld?jp08du|*<_d19CIfO>*`2WA=G~=M$2cJV6a9J zHQ2c8#2kF_M(OXD;9qlm_p$iwzF0RBR^RO>odT(uq<8rKszEY(tHz{t2A49R-`$h4 zZoY+TY+H1NG?xj`lI%7NJdRpT9n76r3%rxmg8B3!sNy)i44_C8Gg?mYg}2r#CiOSa zr=Of@i89Rh!worZZse0f*GtMDfz=u3gn`V)bCvFpFtf4ZFYjnxZKOn=@Je!@a94Y7 zdJP?@@U!<#sd>SAcZYUr;!gYTe`7?(^DHlc?GW_>k_jiHCF>|5%fVywwB@R?xuzeO zUXM9aVPL-kI`u#R6s6)E${*jKF?L*f{g$b0$$6IwpTyw4g>HvEZI@l9>h~)~MHo6v z1)8Cn;f1qOhS!5CEn|nW(svw5sG0NSKwZ=Z<=w@H?Gvtwt==laGNc97GXpDd?)E0< z;n$%1IG%NrI{TiS?Bsih&5R^o@@q|fo9z_O?U45=_*=`@c2wJM`a1gL^qZ3=1=X;n zU!tP{VQ5yL!GnZd7ni0ho^w~#ltt{?%I%UE`n3{eDwWYv`6%Y zfoP=jiL#frlX2PDn#n*5*%a~thSW~kh-g=yT}YRXT7M!&Py}!*q`>ypB}1bST-ZK^ z-32s0efIt3kE3huUi*=L7=r+l|GMtS7tJpjw$i4^S?_M@!@C|G(Z~g)e$lRJ;CyXliC^|aCgGOm?&oi5x&mv`)48H% zBj(dxfBPle)X^WNH%fARuK8o#EoFCfMsAkmnKM*y=m$cpw%yj>Q8x{W7#xdDcFYn)cS0JR5)QF+MJV#84P~!wvo&VwWML3AUI#6a%UBMbd?}0H8wjPV(bk zit2YwnS;|S@QZi8%jJAqJpEqj1XI*D6u-1M`_}PqjF7hZ!CBvO0U-&8$6b|FE{mTv zhQ}X5SqJoP--tdYxymOyeE#&aDGfuz8TYvff~hM<3Uf_YI%HsgB;prBnOmz~19_ExLth`ZQ&Ue0(A$Z&zn>f8 zt(cFOoCI`C{&au$H;QIfxHr|@zvN5qg_8NNRRz@#lA3Q;pC8)mx}KF1L3(`)ki@=g zgBLqhzzD%owH-)8(M5%4ygpf9+M1!|>J%v(ynCwC6&?#{o~|(?!1A`G0)7)aFDwySNQpAe!n@lRiUxtI1|?d7+*>?fh`?yXKXOLo4~V>OP{++gT%jthr__MNoR z=VOVN$QSUILPhc73Ep<1rdrYARxyKaX;$uuOlibjK%Q^w<@R$|@+dj}N@K45VMsOV zYvOGMcBzRRtKwYm#FUtoikg<(pe?q_!^yV%o;ob}E{WjROE9GH3neAnmoN3nowp-H zd4UJ}#k+QW%vBV?M9lcs+mCQx&K)ZlvzVkk* zUUN58grD8BeHk)ybunClVyl4%NCAG@>4QjN$feTlw@!O`+8d zb_jK=+{h5>5XOvIV;{}&JI3o!!~$-HCZ4EPMXx_Cre9@rxIyYZ4#S!)+D}p)>{Jb? za7uBsstQ9*jq;6B-5%FCqNX;Y$C+{$71lYm*}uU1w?Rqxz|Me#Z1gIl<5LtXvG^YH zr)5$?ZInc!<^ujqFiY)>s83BU zRlU?I?$Xi&Mk_NIJH7$x>}vZZ$XVy@`nk;{(i9zJQ@Z9(pdu-=m$6a{+n>O+gROQS zE{n5Fk{#^}2r~`zB`=?)Djf(Y%+>R}Oa?(jgwj3)>2hl-M!k_g@ zE>M!;)$_ed$`*O0Q1hi!Uf^AaJ%8T}{HijL<4;MY65fLf-OxV~9%ec}gpD3QYRr+X zrUqng3s7nlLAl>KD;&2m1(}YF+VV%F#c5qG6S~7pnCktpkQ_Rf+`d#kW*`9WuSZ}R zY4i$OoyT@Rl+)j8xS2k-nO+>koTqC-8JZS>tMGZxQQTGz?(D7?gXAngp{mu3#dO)R zRapy9v#al&8P;f~^@5&qJ8)+e2w@*Cs9pa>f0JDEaoDdzg)#-)*(hDOUp?Li3H3vA z893-DhZc}5ir#3n_+`Q<^CHjJ-A>H6FHf?}wG!tve%J}}|3dyu{xk|eGSb$x(c9>q zW$cy(nA01dv=;pR9{z>ab(g0(M>p$*GnEWzxMY-U&>a7-PfXa@<`rVzg_!M#)y=H{IL*NY6)o!=r zw{Jk%nc%I=UK%_@2)p_HzJ%}zqkJK?nnIw#OGcBT!K(H=jys22$1p^9Rzy2`vP{@} z{`goqa(DBQjr6x#dLllpd&QiH?!Bp%h-X*f^;9A;x^lwZWmxW7Hfvy6b*bR#z*EF> zEz97`L}tNupGtv*95TLzJEQxc(-f(Qz`vDq9r&B58TLi|$M+j0xioD#^2l1$XKpLY zRtixdVsMc~uUV-F7B&Vs+imr}3PQn}L&Zcz2o-iKDBNZD2KJoOp0+)O&cl)X0+^x| zc-iyQ1)%^P;eY#I0H~z-&*CDY!w7mJwA`=%i+-={rFlJ|nr$#rht^IkaCVq_#TZg)%0JA;_HS*u(0=aLRj_F@4JHkqdNYv~v-vLk#r5o2-Ph+p^w zxxn83Ye8K}0u8O`(wVM>PYdWTb6cP_UX^@KTQ*n^fptw3`_}Dy9o12DQm~_*f8@-$ z@@hN!53HZZYQGzo_O2sMAs(9lC0DL`=f*8AyKbjCEnpN$ks(aTteq@yTOO^Yh~opV zZuY2gdbmVC1I`>I8OSaIF2MB%e7Q5es-)mi#ug@Shl=LjuUu`BVdp9`SNnlmAAo0h zOBXt3lHnxncd+;M953wg+#K-b3}j%2=OuG5Y}71$9oo_#U5V66pb28Ol)(PtVy#J>;QSE9=LrO?42M|H4h2#zxt`d7ujLo4&Gsa zSzDpKS|Jv;6)@+YBO!lm?Aj4_u8hCt=Zz}QTR?kmbsf8!&O-07C{Kk{XE75)gr%V% zl}DPCWK>)7+OPR9B;3v>PK`AZ0Ii&UW3n~Xt>LBp8R&>yuphJIP5`+d&<;VN1}p@) z{QE)|Shg3k-2_>)KC|9-Y`F8CR$W?e2qp*1ucGhnxHPvg8LdXc;q-&o*9?vKt#lou z)~#i!EuHZVWxNZ{rP`#decz3b{)<1nGI;0Gd8N*RDx>m(>N(8K&YpXs{#uS6*|`#& z_N$#Wo<8jGo{(7sd(ix@r$4kP<7*aZs#dSZ|Tig#9^3AY&gQfp?TP| zOxKKVvpOB$sQZ{(oMl2)hnd&^VFK1JS?N(a^;k#G*cGL#@Ij_#EpPNtIpkS z#Lt&)7<-5Qw9jR*Ir_Q#6r@`)iy2#8o!nXAGgx61-r7YQBMZy39)-6$Mr|##^)fI{ zq@{wjwDUoqFV5R&dh}j0X*3dUC(xDZiffibmX)?V7@JhwnCNlK9UUA)hq61b9fAfc zVRZXCraf`rBk6>>U=>cail#@;%|SY)qk|PP#$twl+ErFH>5C7ZXJe|gYciuyUgm!5o|Ime#lm^BjXcs5Z5O;<$sfFD1A zbzhZa^8cw%BiGXWIqK%R&++y6B-BVLfnra{Leb-K%3$skcvN(`Gml?h@Q@`rP-vbLT$&-Px1LO!7xg_St*wwZ7}K)>-GdHMs7} zxbJJBTzaLdHMR{tOBx|>bXP#u#g4xycM>8ZCA7EnI^{ZcRNgMp7PvbL`C^vsFc=ix z@Zv`bYQ}^%DZlw>!M1N9B?*`#D%E;qBmch_5hCb%Lwp7mQCFm?)T93L=EW;P$|F?7dV*lHYI|OhhHx>u!UNGA3yxQJ2X`GENkO@))ro4|}RtogcLEuPV znjVBpx8Fn@CXeeH>ZHl%)Bc^tox>r`6XhIp)uRFOTzFD@VMe=S>Ir_C2C8qiycry> zI7n4CIvz&WK2qRY5EfdTaQY}edp`AWC9J@0<6QtMF!SxgZDtF~?!HAq&i}G1D!>0pqY}fysblisRoP#?S-;=KqT+MK2^h4h=T}+)?G*hUIB78BUID5hC z7X%??;=tS7tJg>aV-){B|GF-@k<6{H&xmJi&r_Fuo*o{2)jL%v$hJQ*t=@!Qzp=X? zmMrlXoK^kc?R5RhS^K8or=iX%Z(n6%>ObyoUcT?+)`78VSi?JQls-Y}82rHK!B)fS z6}I3>roo`dP~}oGuphhnt)q3TCk73~t@a4_U7(OTAFomoj^Vht()EAHDQ0!^Hh&uO z7N#aw&tQLL9q*=ZtVuj3!{fU+R5p8HmZqn40Vi?-=D)teZH7Dx3!00pb9dTpNMZ7) zsig?Cfkgp2VQV{OhpefeUX24ZwaY5jccs{yc`lxHmh)AuOxn#QDF>|k;83p|vJ#42 zRKCR+uaC%5592)Y^XE{hWrG3`%~+JQbSFP{UCVV?Yu(eIo$1!c3s}kJ-DnVa61Vnz zOb`3E<;tV=Y9_GZvx2lAyEbhB)V1>5&e+TG`mbYmmx>zE09OQIPDO{Y{UrZT5D^~>;6xmzp@bl|kf@;|H zc{H=hMr~J@sC=oMyKVcvxp~GTq{aeiv_4?f11(iHE==1gEA_qRpWx!@)rC^v*f^i=STaP#baQu5dz=upUd6vd3pS0yg$EB z%D72N{|yRrTW4*x`#SrPPy2nLPQ$JTzozu|C-S_SI(+EzjcY}zXE-dz?jJ(LueK0X z5g$osgi~RM@}`n`s5&vs4uytq^*U|-?qsz`qr0K}YbotuX?S?K>!e%6`W~mfBJU5w zPuG^BSltFUUDnyS@}dX~V|p{MOKsCJjJFxFh zg>fMHVwx)`iWF?UWUF~oiB_9X>nvQrvFm=bZN*UPG5f6o-bC-1A*iFxEMRYIG5dH@ zyji>4lzE@waw?Rgy!X=frjjVOnpI1CsHrKKuNngt!|$vtMCw7R=Id?=-BJ&mwoYUo##7EaHCbgPuqI4Y-? zScZ4fJzR&BbWJj|TucJ?4U1b57G_5nsRR@|25Y#8hSxdD+}6PhergmY$rUk5TqwF? zzgZuTOCUX<@T!d11y7yjL#u1kgUl7t(sy8g=B^yukE^L`K`~2QH>#bdieONCBxs0I zIeS6ol60E$>>rz0aO&mg@&+Q2vvhe`+bm0j-cr?QM$CJZCwzFWs1+Dcaa6ce<*- z&gmFyq$tM3C?h@fG>Lp1vwoE4fRe+l_lJ9xiVF~qwpqRRGcg5`7W}sFW~X7dacBEw zV!b{amE2rQ^FgGXjH$)(SaN{Yg7qyXYjf6q&eY;wN!2*4#A$O~v*tKs>O^sq^eyFX z3BTv;_M%ov)BSf2n^U93KT!?iH3X{)SD0fS$1E-j7rJg|jVjJOC0GX&2FIw#-Ni=7 zXW%bW2vLJY(@vb{gp9lv_51Bib;*x~%cEvaN^qpmbD_v=lipM}OjK1N=j2@hO6e=< zX#wshyPX@d++Plh!eh{ZEB+YICByu) z7b$%%!h5oA{2r;FNVm%K{yQXMOTi#dQ{Tmq()M?8JmE5u=n)*;hTO(TYhhEDKbjEx z#P_``CFdDI&t~V9eYY(8v$QvDqH1?&t(jgQ|=%wHq=>owDScK(M!%FjoVG*Kaqyk3xYV16*`_6#Slvu|M7`Yhr3_(lo4 zY50)nVxw%bw}Qx zq#I{XT5cAVp%3A89?4q?C}_uT9U>2sT%ogXZm&3ojhB^X!;VV@<6u!9|BS2uDmI$m zyuA@L3~ChVv)y-6*e_27u4Xdj9a!uK+qw+6w^Z4_&=(2{sxO*LKM2WVC4jps&bzM` zUi$n1=77|!IAI%=yrvYkT5IAZuDXH%{Xa0oITUQvzU2}@$cCj9qeZX&trKlvN#N

{E0kX?W!9d7rB?J{CveXUOMjjgTa5xds13|gnG+ckO46*YZ&q#xKe zz>k4-!7aU0H6nh^8*kR@DHFV&VnO&yEfu*}{VS*DKUCuX%tza7QQO#ToUxAQm!uma z6$h3pTB0+~j1Y9ceYex>{pfxS#F#-qFOkpka*;E zT}0X6%R!IH+tCDrT--YI*olZjP#hWgI{6O8|L_)-BHxr5Rnt+R9H4(D4)9S>D;ZJM z23yPQ9&;1;Y+Ug5ylGyX8h4{v*RtnlGTU<=wF&T0uJ(*2YkRUlvXCxv^?(hAm{ zl<~7!GnbhEg7Hs_pTk5b-2QAN8=z4=R| z)c0``o1cmbJcn2*Lwp9X%w`VIl(sk&*tbj>oQ$_Zd%Z2W;%Qt8)7p~!tl;(UOj7$CxdNUs;epIn3M#sBfc zP+Al&*cwtJ@5F24NLZ>2G$XYrp2@9@H{alKiio^88W%*)m`bU(xnT3>Qi%5iT(Iyf znl-sTZUk03o9J1TpI|%Ep0JtNR-ibDO>Knekl9N9(P|E13iFU7)Mxk+Q}C;e>(%J1 zD56xKN3Oyj>HiXLZ82U2JFq?#6AZN`HtyoBt{DWtHi?B2^TkW_uhsO{EFS5@lhU`_ z8_rKHCXLIQfqoM975#-!?u&><+t1{nlaNS7w|sbchtgvO{}m9FuMuPsjm@u-~+K@!kipZ|#UKT*Q#~?;(lS=LZYk?cLw=(|#f~ zguV-ca=v68`0`Du$XBP4&tI@xUer3{zyE)mAqLy}4~(Pe%K< zF=@U_zx-6z&Ax9Qtf?=uyKc&XTf%Og(#zpP{>e+3}W%o%wVEoQcxU?e)m zaHviU5zjQ%tChW9N%x7}Sha%{i13#eh++Et*E|Bu8mKvn|0n#kQuWpMhOm-tsP=lM z(q3aYx-6p@B=wl{eT*umw40M)2^y1 z$a8H+vSf`{CcJvd?=~2HA96a{?A>#o1$|9A}wncTMF z#AiGdY-g-?iDS_w-V)@XOnAD*>8@<^wC@-uruSeZsYvKYYBV6-K;Y>+$yI({!fO0{ z%JibWu6zj6*M~5U*t7eZy23Y z9Iv!%G`l;gk70xUe{o5K1yKTOKd;rQH5%xTw0>Uiv_DlRlGaiPj|}>x`dFOjU>h7%e66IzYdI^Y1AVRxt3B_HgYBvuaolMXbH!z zLqt=o+BdzDIPK&A@HhYGeE$2E|M?rObo|Sqq7MD^fQzux4bFixb>cG)^U3jtvhG;S z`zBn$Est}QATqn_lgLW)bGwjiU(&)5p3s!*t#i9bxQ1>QvZHNjsx{MP_Ya!O^>}%C z_51W}s#4F7Q&s;6H~u%RlpltatjgMBNn;gdBcCp=1+(7wP5&g_4Tg_Hg0np)pJA zr1V|U4&r_nwQKmQ>(|Gx^n z>p6z)2N;5(9%%8pyA322WzlJ>14)2yDJqaLiVg!KRkfXr)Eyp^;cXANu|bsX1(pkS z<)HE1<3-rqxLeNZ?-tPM{n-ese9L2>(V1AvKt9+>a&{7%24ulFSdwUF_SpSONq2Di z4Y0Dz`_U-5Eu`+2V$ZrGO$<~GNC3HQbpJYSD_a9;W}`;E{uPW?6fvt+=Sc`w;jM-T z+^s~pvu*xTjzobHi5Yb+zgPhz#fEM#BxBL+>-D>Ov= zSmW4W{oR62Z{|`}w?cU2#aq8QGO9aj#zxW~bn*ijhYrkKd2=aC5 z=Bc@I=UtnY7z(%Li~^O)H?p-dC&C94QlYf2N{=bsynCyH-TcbJ z4WWt~o8vGYs^_)UA*fMJy|FCu2cnDqZRsBu&@6C8F>B+WtAyVF@WlUbYj-bvIgC8~ zd+l~zj7T9T*cYQB^i}(d`Q;brYWfGv=94o7np{04isfA;A@9u(v<;4%Ee@KAM1Vjb z1BRN&)0M!$v7K|>)#8=&vY$~>Wk&79aFv6}*6{t-;KJK)e@Eaak$!4?ejcR5*^%47`pMD-PZ-YK+umzp>D#%IWU$4?};#kQH+4ZpW4<!y z$}=ctw+T(!GU>!j4t5eW;s2_e`aAR5Hptt5wqw@zpoWb)W0RJmx2N6OZF~VdF4MxM zr8j1|_F`qGTE|*X8Aw(yoUN2E=bhkRT7~ZEPbA>o^m6qZPu+8F8IFeRXIcLopQ8Z# zTvHa&q0*TyvNokRz1mQGPbL<|4ZqaUm*Up4{%w{0e5;K2m;@bFi7C}#)10JWGWv~n zS+`8Q>B=LG$cCA;`=(zX_gv|4QtCT4=#?I)-h@L)`yeP))_5vXr>|7@HSdI(2XECI z$16^=n?s}l5#2=spn8XA3iv~?FX%dJU3Z^9$Ej_Ey$Jrt=#2;LSG$fgX@cLj+itI0 zl(rDI!z|hVpacCs>hxmYyvKh*N0%CA-k1K0j#36wx1WXTOP;K}ch@W9AZ<4WE$e{Q zn)~Z8A`gmwB&t{Kbm?&go78sQ$`W-Ko$@GOd95{Z2FPybn^roRh3n(2xwbjcPpbF1 zM6;vAp!?EY5t1l-jLpQXpQ-*abmN~@Oj%X(Zb8T(jaz=4r^7J#8~`qA-CG)>K-xlk zz*rdSPk`I;l@zYznUrov2Xek)q^P&j2&GXn3vy#;2vfbk7PHT0U{H7=++8hL!N|N2om}_qJfONP*_2fUN$?H!QE<2uq%zA*-t8@7m7Vxrc1mUf3!L;TI|MYkL2Daq>W%g zwIR-_Zq!Jiyxl*I31X2363}#_&{P$PRke;rHtKq#gjQUvM+PhcEZMvn|H?jQ?=+eC z)=fXj>y+!&nASDJo0}6Rz?YC2|2PHHIZ^yTfpC*`HOlLAf-=+fpxri_N2Zu_njw=H zQpl+Ft>x6o(4Wsgh2c(i(IEdc%o6y={8D|+bVM)nE_?&1KOdKFjNqOtI7b@XAm=a) zt`)l7$u@$?hPCma>`6f(X1{>e`Q~bh=4T*&Wx)Qwiv0i{_7h z5rnPUfrK}~5t}jI&g^|JC2tleN=IH{rsm!8l1OP+!`t=UXEK|na{1CP$jV}v(~T}R z8C_+1outWM{njj2VE&XI2kbVl=?#0NSA%IHPrT!9gN$D{no=8?flKQ2;Sog}Xp7!= zhk8|6*5mh=^EP2{uIjdnDb10GEuL1p{8anT*(GzwK2ILCtk0|t3tubLbG*%(hJI4pf3YO&nXJa3esy?~4>xFQirt{(D+FeBQdT9#N?<-Hf<6Ij@x;(ky0DKa%XW z$;0NVi$MO`MVxk`L|#MPU~bN$^e|pcKcr*98NmxW4X`v8WrX>hw4((SxuV`bYj}zD z&hY0*rMj^9{WV6e8V^Z?`eswD;_ID-`pP>5tiDgD5?DxH|EIP!UNM!ws49fHc3~W` zCx*1`x?d%^tWAeZJ|{0)R)dYf-hH?`tc5iH7;CsV8xeN7-y*EGnx0}Fcfx=A5NF@- z%T42}&){G4CX?1!356;Mn_}y>bYYo##7rqa?sa^H>*R17-|qz-e-rg0X`^naZPJXG z_h~=E!mKf9-!toea+O+(Yh6g}N-%3zJe^{%1V|;uM!hyQR9J)KE^@P&o%k_fLax71E|8;z<*t z-&%?}-=H$^2{3Qv!{vPAD;2eN6X5ec|3SHaIGj$lWr>@~}o?#lzCbN1=~xIUkd zC+csQ*72y1Q`PCFu`x7UgJ1Y9mSjL0~5cq1s_#=E1&kwv%dG^gvoJTU(pAl7QKKr#L5Vj5D~ zsX18wM@92y+sF;Eu+gse5dI%yY16p-^t_Jsokg(azIN{${U96)Pmc|?NE9k*FCFYY z0oIa3181?dLCz6JrZuR*5%1L>Rmdi-k~440XC^fumCse$u0>x}d zhj-mX5J!;DeL3#$bG6KxAqgc014XqK^SaWO+r8Nz;_-jC9&m$%%QQ-iF|P%%(a%_V zFr{unA>6akO!hUg=rZ?&i!)qIfDd8E7XKoE0P3H+6Zwr~)^+VdXM>z(p9Z%~_T?J$ zWScJMESvznpD!f0TqP;pax!=xE=qlhl?baT_WNdV%L>X9uZXCY5SwiqDa80$8pwfaJ-~lPqY1_tXhvCopKev z^n4e?;p>8?Sne!2j0k}bpg#B6%i%0+!&UbPp2-P;VQ0FqZ<`GFR{ERLH`(a8@6sN# zY-jZ2@&;(fUM{JqC8GnRy>enjmi0Wx8~K^#c2q+bI(W@FHc0Vt{9*U`V>Y&Z4Q?jr$H#u7HH3Q!1xHRj~vw#(R z*GaWKn}IPQK5oIiLdB`VHy#B;z2%l>5=a~>Yjy7pkk5E;dCnLj7-?VGvanH0Ztyww zj)rc@k$urDw)nQwdv;2#%I6Ud5aFv*A=0?-c!`wgBcA!Y&shbfB{?u?AAU`&j5NKA1sc|$_eam zhfh`^w-ucA#$VL?{V(=QTb+IG=9hn?D$G|PiHZTznH1Dts?F&IEql;ok_L-o`hKqF zqVlA}zK6Xg)<+rzyGX~4Fdtx)jJoIoKF!X zLOt3Zi`Cxv?Q7`8gk0Ja0BJJTp-03KG=GJBdvd#9dQ6lvd4Vv@vIeXJr3;tSc(d`! zWiOHtn~9cAm6dxQ7Apdaq!79eCX=lSV{K9Upv?Ys3iYWAAkvvpM)EYY%+x;9Aq1!w zmuF6v7rYb2e32`E`T-?f84=noBG~!Od#2B}0+{ULa_Tn^9hR}AvyD1>Zr+njcO2D!7Lmc>Ni zd<&1EAMqX!s>+v5;U?QDMc9Rq?jF|UKhqGOX0-WFPx3yuF=+3`xAxwtnr5v&cTIK{ zteN31iY+fKz**P%8Qu*b z)r~xzAPVQiJL7vEIQ&${`^KmhhtYMIhHy@T7SQXK(;yz!ced^SRZI$20i+$X-ylMY z-OL+l46pbE47xi0%Xtk8Ki&WK1_3wGrhWo$HqBXSB)R(;u|-}Bm%f*VAf_J8z z3gq_%vCM3Cuh0l;y-z}7gJi?l$RwNM(Hfn?@?RSppn#O?>rq5C>isFA%gkd?#Zu&_ z7Rh`g4kGu7xpm*XnaGRIB}s~_i3m#*kR9gVXKKaMt7tpZQ>A1U3J$@QG)bDNXza(K zl3Y14=|J^GMOgSJIH`hZ92d4yI$Ddvjd&}+HofCb*i`mp@~ah zIf28f@2Gf~D&rpszHv(>Ww`G#jEt0vR+aOvNvc1=6I!pq9|ZIa0&0c~zXxPTMzFI} zr=p|!=TRja>=~H4jXg%89HK@r%n3X8_vP2oy0fevTBc@x=yxdi_3PC81o$Eh(Wm^L zjLS9(vQlNe*fY>;9{2X$L*T8VO~0hT&xQCrnY1(S?u~Dc#mQwC?r=k&#! zG(LIXHHtSf?`80WsRFGFiz-6VbbvwtJra3hXlVD(1tvrj26Z;h65~S!A`hMZl+%FA zVd74G$`zHl9wt*W7;|#1?R)7z*N?*v*~g(ft)?cNQviR!TESDh!Cm4SAd^b7N3Y6M zbd3bgG@FxUrG(mp(eo_0q0-lceDembWoi(fbbb{Dz;?~+C0wI`WuxU|25vd;8 z4UqLrTMVsa2i2{>h0?M#ax1Zto6i>sxa7Qy0h(D(HS2v?bcEPrQ-WK|pehwNr5yOi za5;Tu65yMYR`yAB*+8f5tPv3?JlvJ5>2MdtJ|6G5j-2G%fCb}#AV{ro=v@6dv+5k) zne3bi!=Zmo)6?Uf2e!f->4Or&XONrtPAHs7czBAa3WGa*y;tPb^%Tuk{c7o{>m5zc zGtQ9P`mU8Lh8<-z?#fR@<!MpUy>H2w4xsG5bOhVMZzFm;u)+?&iHi7Z+{% zZ9HFitw;*W{au9JPc8kU4*rtyE>i9;fp=+=QIs?BW$Y;GO#^eQl}%GPklrv&L5@wL zhB%%)*A0`!uFkYigy#eV_?B;8D2l#&-n15-;cA)a8VhyxuUW%|-oH{kwH3oi2+43Q z%D8_O*!bG;Lk*K|{%ex=Y|(n?z1@b131$d2mn>1kY)r8)k0!4VW##uAtZahrQpSE< zN`%IjB!>MPcjBtNuY97M${aNalUsxs@U9JYBPZZ}6B9h~8E~Oogif2{2B8wFIx5)E26gS7_kJNHOQaht3jRq} z_avDQO<0F*BhefpufHBM@T^|5lYED|k3!xGYZ&??XW6q3(Le>)syoyYcU#!$B$$j7 zeF4v!Z?;mrsi~|a=#gV94v-5i5FoG%4hVDRpZzI@3DjQ;PD26N zS9?8Y^E2tee;wQ{i1{(N>Pm_*2X7?sKB)jnqKxW|_JIPk=}bGKPszacHxPlY2kaL! z<0_sJE)OBEefM`{s*hb=AU-OZ=ac~SHRO1i3~;AkKhpu#URULoH~TH75gM_$K&(k9 z6Cf7w+pH5W#=;QiL{u2qrQE2?j%vDCr0&3qStX>VyM`uoej?^gEnBZ1C6or34A*n# zz8-UtrtP0B_Ta&dY`vT-q-X|8{jJ})C?J8iyNI`i_y=2+t(Jf&RU0IWZg3>jLsRWYd+ zHC@Vp`;hKFUP_`0ka9DQ|4b1Ep9}9t8y(IAT18;Tr8&>_nMgJ>VD1LLgk9RX+H%s_ z6{VF&m}GEEGSErFb!ncTB-{O{K`|9sF6){Z=0w$!kn6?HOo-rD)VTYi7H_t$8}tl3 z#~a>i$@Zbj!uK^msDGfYVFY~V>Ndlxe);9jV2blggXP{y6S0pev}#CDAE(1c;`Kh) z>u{6bZqLpbZwc1Ph5K1n(ykE}EeB!IB%UOX!rj6tnoLZ2&c)I(y-4*9#6E)b@9~IT z?$KdHTit8XeY|b`m~Af<2pmK>p74Qt_DmqRF;zfC(t4zP&+}$gX*2p%sTC3q8!QHd z=Lc8gG1v%RrMbTb;)PC4t$f6MIWD2FbgdA&@OifsJn{M|@#(AyE(c*N)u(*EG9*Bt zt7yQyFMJ^A!TrD>;9$OlJa|zxtCd6SK>OAzyh!DPT4}{p?=3!%|@vrU+hQXTr%_2!vLy|HqS@kdnq`9aI}f~sD)zG~t%v&I|Y?(V9azTy)$ zpYGbnwc>z0YIyrb;bj`W50UGA{Wc;oQzd0wM@vR${JBCj zC=B5rursG$41Au4mx&nZVd&D0M)$FSHUZb|IHy??U2)wEm>B6~Mh3Pft9|9tvYsKG zT}TSj7sl;=5|M2$*0KU%8&IzC=eCkzhB^RWswUpVoRil8CK2h-CT1Yu&*bE_tr-;( zIp9_en@>b|F{Jx74qL1{#@B$10KUvOVPE=1Zq&I>#0o_<^n6JtouJRu)`Q7D&Yeqh z-OgC$-yb;csxgFlfj=8OSPGSG{|UGyV&oAa=`zenVCpi2CeRt793X3Lsh6>3d-ukB zUKAyoB883x$$>WwaV;~Q+PZXLMC!f!OJCr+S(v^b7e$eXsUTHhrt~?uqnH5X=fHyY zGruVICZ>3)m{0FA8La>q1A9U-J^(C1f;pax^;v4hHjG?m9g7M!L;Q{|q%0fL?@U9K zd!bv5U9XeHDKR0{v>VO`4trxK>E5zasds z7WcUdols9u(+s>9tfS-c!K1f^9-gyYNsunl1d8S(16X2YR`)!6(LvcCf4*xFE;Md# z^z9kI) zh_(eUmw@N$b8oypCu_9ewF}=;TrDfAnmzrXYZDqF!Xx$RL7zi?Ahu%c!Aobi?r|n$ zoDqAM3n2)qnza;ZVR9!XB0j4&doKUW0H5j;!(sS&EZFLYiQ>CcO5<-(rjL`~A_BRP z+L-Ai(`mhSXAGbWO;@Ht=LYzPQCB&HUcOO)?~_EcL5E@9?Tx;C&ov4OgOQq^-9KLk z$c&+$1#@=@iXXeC3u{;c;Cl12(uI?ciC5uK=nf2A+r-XDzxcFWTTqapwS|sIb9XmVRg%YEt~AX(xhFJY?2L%$U&x(o-JuaQ{n8mZmmP zYaVm36vV!l4CH=wbeJ6iF;lCL8;87N9Wp!`$-`ffrfipnOf?19^m+!!zFp#+0R|95 zU7>7}fr&gFeiHfIEobm#rB#iQ!C&`k9%js?-h&Ip?06Qhhw%3_DUUoBc1KJaX-3Rl z(@a^5JQQ8gL#oq*PrqGd(k>*&aN@3eWeFIOoViJ|x#(pFpN7?A9mXn=+&|uo_}sdX zq}U09xX}ivHwq#~?AJC=HMD|jzKV~MvaN4#Oj{Z!6)^~W(1mog8dpr6`XxAiT&v!l zx4phldhBYKw=356{=6L6R~ngwDl#Y4A1(#2rF%S400y(+qr|t~vvt!D2y32j`P^TJ z$mgxS)5^PNrx^mGvzhhMh!A>5=tWKIgNp~Tf%I{dn5MyfWpsHmC)6EW08QO!6d*xZ za&mHqA`giA8tudgGBp{{p7brbJFN{!7piVZ4@%zHogqXt6a<_3aci(dHGj;2YLwLl zsLhB>ia*==;I5IlBJWA~D<_CaExepfbRYmlxN(R72&SJX9^WRp7DI3TBr{Vate5*m zM;j1!)-S7rG*VXSYf#?PK`<_wfr9ZYs#i4V6K@*@DM}R@;B|Uh)q6E2d^EhE#}0N0 zx_0tYV_Z3JsrR|3(r0qt4f@k!_^Ev7!^P#h?H-s?zNHhG%EKD zfVN^(j!E?~-M0nlBa^UmzlfKbV6dw-wQ!h9bQ=d|7QrwlegTTqfPR21h%VZ6X3v%B zf|SQu3+VY~(PhaCW<$rWD7qE*2B6LL=^5b!R21;SiZ)$9L(x=!6kLEwWjMDn951io zg4AHC#x4M;rKJmZ$8kGEkrnD8tHvJxK&FhTp2FhXrhki_$rJV-t_O@2A1}F`Xz_Vh zmMQ!EH2k9qx0@Xxf*1ts60iD+=gYL|h7YOekh{yanZKgY4f3LkRfeemH`Efxhj%Bc zWFy(wY--`BMK+F95u*o@dV7MND!0 zgqzhQxn@AV9*HHP+!yOFgl~z~sn>CR1*rBAa;8aRW2lQQJKq=89@aZ=gVSz-7g<77 z4&%B8-9NZ$IxYhU88e?f__1dMP)ZsmXgc%pIL&=+J$==qmpVCPaQ6Jrcay1qhH9-j zkGBRCWLMNU`KWe4a;hVC)cHf!%KgWHkUoq>s=f=8NwZ$LnYjX4^`-0J`IvIhuhU}-Z9#n31~-`iA(ymgU)oI4 zkt*`_J)OXjdy;XixDB#^g+X;D>lCrm#AEp86i~EfFNe9&xE84*0Q`w+fMoyvCmr zyg`2>Q-tDk;2%~tpD|9QWu_;}QBEMaYakk0cy8{sf4eSOCoAolL>d+9iylq=Dpr$D zZ><|=Ri#b_#C8TkQ6xVN^t5Nx3c!7^s&nm?c;u|KO#BH9>FIf`dK8$e@ie2MYmy64 z04BD7{Psz?`qyM6?AaS>r3z{z!wMT9-*`uaPkq-jZNM7=b~6#9L{$ySWXH;0T_8Fl z6$b{QwHBVeQfVwRIsJlRrbwq#1yYk?OIkx|-(Z$^ppg+X+e|{DwW^<3QzK!B+*I;p z)&Mdm4p!=tA!OXApY2@;u__xNlnZ1-+eLZ%WG@pZZG^u5Zs9geb(3yz>JL0`7DWa* zvP^9PU)U8GB`!0wyDf7BbhvrVeGiC=io^*K=4wq+7}$P@8B-8wVv-v*L<-ki?H}f~ z%C%XJyGQa5@oz)dR7n9_p-~ZFqs{THzs6MWu57B{Gz)~!)mbI{C^syrS{bXSLo9F)L#Wbn@bqyW3oWRuli zHJcBNu4atA-)cJW^|-$Prb&>aatTXL2(#^P4a!a4Fn``^b0){(0lmdcp&cB0D{vgH zkEwZ^gVKcve#m`3f`qqR2Wu|`zmAkWapm~LbL0iImG|q(rqgygl#~86eLEZRl?*l~ zb|~0p*HdR}01)=Jya!ye`{+%CUWt`EBdMVW_g9L9z4(n#`;P794$3b3H73|<@pohe zBjz^-)GXhxeL`c4Iwb~h*m%Abw|0Ao<1mVgK8?LT7voN$UaAx%+8Z(hG@B%Hj#K75 z>?A2Ye%cS`%LYsu6VTV0DGA)jio^8}s&Zs~_IdITCVk}a9n69+3Z~AAvwt5VkAS%cjZdjhuvwq! zAnE20RZ!=+sC(_nlW!15c3;R2^khejdT)t%;Me5#QRF?~vnVKtzajULAq&j#4*3(~ zYWEh0&Tu^pcjAZZX1;BbUhXyTd9vDx zjF;@Mj`>)`_4#6Zh62-o&MCPpOB=RGu1@f}jhm3}WcN9y2u+tYF(#RpLeRPefSX(s zq5j1thL7hRI?xFb>L9sP_Lp`$YPjlX!~4_XjnhGxBy|2vsbg|T#LvP3h96VV%7Q-$ z*^lDexJJKkoMHmFO(kmu-Qf3xEwQ|eD&7zg^xc!?Ug{c%;h=)FedIzv#K~v2NW_K7 zhlpve6hI?ef;{b&tm%}HR8O|uDtdKa`{k)g0m^)ht88S$&B!Lj1)i!H=q}DVZ;8Sz z=1{wk!qzEk7R#iv7fnSew-{>aB<#17$SuB)I!;vT(GyuA5q6VT8wL>x_q?RAqQ$}F zAoQOcK*I75c`oVkWkmjQGcjE3T$9U%*IS~o--4CATFlrqIMb@X(l|O%yy`t&;leud z?hfas>U>3o__`lAke7y8w93JCc>D#{S$~*V#%o!RN!}*0^4RTM&yYe{;cDT==Y-dp z-AKoHOOlh4E;OI+LPK~sR{2f@JHUB%_=liE_DDgrH)NcIzOnISn;-MeJ**T84r0ZR z+053Y!=wd&GGKH1zWoz3gs}v*>>tDV1v>Ve!&|T2GnvQ|&QoM~;Ahr}N0UkptOzvXVai6ES4kp93`p5#IYYd&G?b?i6x7>JY} zdDX*P#w)mb1VcLO6-9Qg+c~?W$Iu*mHq2GPY+Q#gT@xd20u+`DlVEDYP<u z0C8|8<43`{#M_1|nHxz8UbD8;4;O*O1~9pRD+Vin_Wz5qvy6(f>DF{N?ry=|J)|Lc zAh-nx?hZjif(2{bCAb6&0YY#K8r=*7JKh-)d`1})R{s1+Lt`B;aiW6!rErSGxW zSejh|5l!own%!P&MexZO=djhYLSyLqGU81UXnp%an{|vLyY&CfqU=C0ouoFL91d6EUrnH#H9{Gy~~B9bf0Cos`B9}w%ICBK&pBG)uyrPXI6 zOgTw%5St1s5qDy(?)OUjZp$d-a;9udLZ5beyUux->*1kaRliK=){s&Nm4PH8$tyb^ zmj%R(H%qfykH63mU$Y; zg5)o7)~2~s=_2bQT?~~d88_CPaqZwj^F&C}@ib+_Q~BGmd7NrdItQ2tNf=s>*c(!juU3`2UhzyoQi+XF>`5uiK=g@p%v-)SLnK`=(H`+T5@CiTDS}Aj;ApH|=ED z`#c@}t|9sM8B2QJwVq}ybra%K8{s#m3+8hwP&cN$!*z^ekh<`&90*+0U>j3{+rq}L zY~!Hy@mZ3Z){rug09h&-V%<@xdOki1^<1%D5`^zGhCO(7EsHtYW@N5M*#9 z$hfBcbyUnxbDr?9FpJ4ro|O>M54D@;koIqNY8lbETYYYrqTUO9j-;>{_t%-T=kyZc zAp&lo?>mwBgEnjxCI%}ShXv6xUXIK>H2YoV@gew*m@mKnwvD(Jbn%GFS!yONA2Fdlg#}b56D}6f>tbnwS49OQ z#Lq<4Mg*sygoOL8Ni(0*-N*|kAN~y}Nz$2_c9-pOFDV>D&#K!2a<@-_->6R>+389a zYy?S=7EDLRkS52A0_p`SgqY&&n?xrfD?>}t;aB)4>fs*PZ%eaa#=AD?D%xAh6cxA= z#$KssIGf8+(PF0Y+3O)AW12->=z4e*kvE)=OcGkef)YKNfNGbM$NhA0 zH6u9S3Ekl>x#H~EU`4z!ImiyvhQXkjAVDE8GK|fCgLQbpkxq+DnY|NN<5OMv!jt0c z4!BLFD|EhrxC+zI-hq}ev7!+yuK4}%8($?YDakEoB`+QJpMZmVbLxgN5D3;T>t)-4tJGluzDJDnHrZNcc*TA#+mcu_ALAX;M%{%$5v#>0h16 zJYIPUl4I54f|t4({F&1@Kjzj}-+|6gMw^c>2sKEkQZ6_x*`py{mKn&A3oP3s2(%G$ z&Aa(8I8$ivs4Zfk;>_(JT97B+7*;NYIb9ISR(k*AgA>szGKs8ks~5XaasLOepV=P^hO6iUZiCZPBNJOEM! zsq512)REq?ZPJ+%twk=N9t)WJAhOn5P%ro_)G8!$9R;e8#O}T7|4ueO*jcPgxgbK$ zpln+Zfcz(p8GQ`6;uPHFMXjuOE3ZT;ATQ=Xrhb;Y&5CUV51Mw{F?KM%iiw&xEqY4%dg8-X zbJ0mH-*Gn~u7ml{M@74?jV{4A=@s%dad5DY0>!*!tpQ~Ga+JFu>n2?0aemi0cmy>s zy(EYH_*`js&d74agWnFs&QIQ$^{Gi5>@3B>o#(tyevyvj zL%Z9|yW5eAH?=s|KQSYL(5u$cGJ_3uU5YLE6)Mh-p)_lAdg$n7q9ktHc;wo6h;|E7 z@dNrRrz5-)vENUnWJ;=(@Y18TeaBG$@ZJgY*IbW&Sf!}baq!43fY{Eta%f%4VV zBx_$BDGwpE#XT{_`o+-T^H(B_&IAraAz47t{D!_s zc!jMEGfMu#dpm4d{sx4}=I&mD_J$PiJEfvM4`(%4RWJ8P4q`t-3Z{$FP>>A9*zh}g zJ#ot+AuB;aGNs&78;8xIY|=1c_0U@J3V~{6u!OBQNT{03;;^cl8Qn2927iH;g38W< zViSj45aK6&M`oJV>J$l70QB{~zUbaTY3HuCK25vibnulD8H=|`CrP~uGwjNbQACuC z{Z#ZTt~+tIqDM#JdBw=qc26kvS^p=w?H=5&^DW&$PxQEzn0Kf^$Fj6Z8@b=b1Jx)Eo~{;&Jk==84~=$@jTmp zg*>#Nhi5kKn!)!+UiX4#hMk$dgRzn(Hg%aM7tO(M#j=Bf;Cw<{NRIi{&!dFq--0Xs z%ih<&dgd_95Qw(}LM=$z(JI>IZ-#z{Z#|p1=9`~G?-QT2Y}r~K9rz5CalI5Wtm)tD zRTPdO+Ieghxu>PL|Eb@eF=*fvhZ)~_^>fOEY- zY#5@Kl%lsNoF^U&9Z)-UA>^)hhj(_eQ9iGYBK4nFkoK9Af%xBQO_xrCw2GyE+YqQ1 zw>S!akmkk;#w_NnO~(HiPoaqw^+t-(r$ek%Q0= z+v|zwz@s+IJb3u5x5<2uRH>QH?C+WM2=;R4bT?#opepHy zi^W3l$Fkq{XKu0@zff-HKb|=c?|HvMeRxJKi4gm=E7hmFZcz@7YLMJdUSv zEfu(t|7FVq-vObY16n0^NLnwP0UYbH4K9t5AwSp9D`9)y9so3Sv}Nc`b2u8+zp3cA zdTnkIb)O@27gb0l*CwQq>8>LAY+#hIRJr=4Mp~g!1%^wTE_vDyn7K6&Gy1YWG750v zcGlG5PTu63OeISCF6j7f2#5`g{J_r;g2pY`Xyc6RJw}8=tfJ4ST(dQ{961S0AG8(N ziAAw)K}qA$oG6AVnxmntem;-4c(WBxicH}6%ZJGq?M&}8*)R19TDG_bhh;fO{Y0BNw!jVBndjqQE8y!Tt#V!SiG(=69APYyAJAVSrz%=@KtBp7# zCk%_D;2||hI=O=N4ys4AF15bmD#WzGq_)ehSPAB~gT&1bS}y~$zEKr_R)8Ywph;=G zj$JEUM%7b2o$x7*yRvxc^?K!B`nv!7cOf^pmL@7|$9DgcN4w2!#;DI8wwLeT<7uI5 zgbq8clxgDLkjT~)v|MpXXPEn5989@G)hr*yBC#P0Q=bgC{wFzBlH>zZe4SH?f20b_PV)&P&6$2< z&cPhped|e~=HlRQBriI_t=V9CvQ!tobi12W7+=pTtQpk?x3G2Bur>O}_(>gMNZB~I z@qrro2&*Sa$S@tv`W+iqJ%3`3+fcb@Lsb+Jw|_cDA5q-oo9wgtmI-kh1*lR&O{~F( z3M7yEqz^W9E!}MHsXac7E4sh`?;-uyXA}kKCHcWm`8|R)@yS^e@8z=A-u-ed`_>8y zHZ_EPbgy5hcNE1m)dNwh@?FwC9N2<2GNjzr4-VuQV~Q+XONC6$8yt@5!4|uuXLu+N z8d%T^tbw-DK-Tv+oQgk&VPn-{A;F{xZD*yIWe*j#mJ9Hz&5E4Ks?&U5@pzC&ge6t| zjvpn;M@bn0^2Qu#ljzq1bEgbg)SjDJ!soB@BebIbK_mFR2}!p|>+ZPk2k9qnOJ0XR zyw|_`D=7P_7|`_KU|O23;FeIFXZl~fRxr3if9tg<-H_EW#CAsZq%wBfPrXU2tmBOq zf;%)!s%K;9=p!e36GW-&TmMMnuZ=Je*$X{xX_3$T7=g+br$5W-U%+9k+}~Sr8S%6$ zf{q3q7KUJdPa}q`qH|~q{j-K`kiayi&`m$N<{iO+KkO0Jsb|YM2u#s1YwSCs@`blb zVY(zCd2J4``^j%5-;UQIWL!7yY)-ONf})Lut;Bbj3AZeFOmWFtlG)UuNzltcXSYrNd!#1}Qj z_93nVp(`KyK;4mle)x^t;2A4G{`tfQ`r&)EXX7*;8bnE>8zG>C(2v+in{&PD?XN94 zRT*G|K9x|MQLt_jJYZ57!y-`-P%K(W$nAG)P~X`TrO+VX;%cz~3-r%MVT`scL|BYQ z*ObNR|H-2RbTmA69SeMJ3 z%!<4E96FZ*^gVLJyLcz#Q5cwmX?zq-oH}1)BrX;jaB`brs42}B>0m)?KfguG^wOn0 zU2{Ha=n4#8he@*6-gLo5M8jxIT8;D@b*H&^bPdql%*vnNj&7G!gV(<$adYz1?hU*1=p= z{=q_B$w8GauAtLl!YxYxkWY{8|I zHpGI3vf8iVG&N_t>JjFph)7F}jxwK2>u1Zc!K}Oj}#G@!Z!NCtjWII&S81H+W1NHHC?TTu!M>U?;l=oej;TEIv?NU z-E{0dpD}D;&@x7VI>8ry+8;Erm@?)X=7{@>%7-0hlHcNXGiSsmGOM_5_Qw3h`e$cC z-1Id|tgG(O&O3=_kVl#7l_$|od4|+HGf2K|ca#fksfoggW}CPw>bel;1>X54JlTOP z`^gZ3A%^ZTyo0*W*trWkiBPHGE;bQs*!cvxACgS}@y^xqZrPA@L4Pq1mRH z&I0T=9Y3Z*2s&Yv(?&SZ@x~8b?Zw9}yj1&w+-b5ms0qhNWE0Pn@Oz_uSC@C{|L-Q{ zfBk(k0pzJ2ZWp2p>^MU9Gmtj^}28P`c{y*$^|LQMT{V#kyOE`}|?#KINzw%Of)c*Di}AMK!;MDh@7towV(djUZAD zzeolTN82O+P9mp=e6fFwx&K|Qoy(_4i##0fKyEgZodOY!znSz*^5e2O z@*j$e^W-Jg9(sA+hNpB;JgmV$CfnJ=;cUfP|ALsLx6AQdBV#7+BaumA=k`xgj4mFH z{~E%7^RB&x6>Mfm^2Dx=T)`)PkBqk1#ZsZdEd&Ot_1Mj(%hm+heyd1)CulV*H22gB_%h%U_S& zv1)CO$&fo9%0YFLlsySGX-TUl#9_m^<#2>c*T>ioAyyRS<>0=jX?+U#GVxD4@&8ot z+X@ia&Qnsg2qUdn4Q!a)gspc@NWrlMb;-X8RANde7GFpSwtS68^}nI(EM4|q@F!WS zd7N{!WC~;x5w&xIPxbfKtSd@eskid4YZ;z~7EX5Mcz*t8kimcd>y8XM+V$7NYKzEH zvF;9{P`fUdgD?q+Q`5rFH(f4`j(3q2yp6xu#w%iNHr~)VFwSeqQ^-AI&+eS`B$oYT zmJ!L5=yI5nRCt+6rD?YyG(r6j@$Y}eMBWPd_6-w~>#uNnz9~&+;Kk*Z%x)eMM4H0eV zVbB!){~6w40z8~TetjP$v$I44=0^+$@kbz-cY=FZG<{NL7l>oo=)c@-)YwH7nX+#N z0!xaXjc=%kw@2N2@Xcdd3MruBQuBkf!a3tQlVgD;5L%qGA^ZIQy`ZX;Kya0Y6c|tP z{D#R{kYIP;7D?O^f3o=c3~uuhMvW7klZ}c(Z9APS8=0hrKs^wn&(ZGZYn5D2=_wK% z_fALQyxxL@U{vD=Sp8||NAx(N|K|XY&oR-$hc`^vYhV?4(uA^w4g6fP)?TG;Fu?*~ zeNrCS94VrT7f5@OjrG~>J89t_@-kj+e5AqC0 zdFGkuKSCaCWdViAr|vHaZ+&4rQ9%JkU=$3FM5D(aVQ2Wqp%Q*)EZNwa4a(bWe(*eA)iUQZ z32Z21bvOb$Upk}pK$D{(F^X|d-JYI*W+;2HXj1HCya<-gr*4)Ud3A(;y;R;HWIA4n zcyycje*jKO?*i+hv?BlW%iA6j-0T(QEY0s`?^1iNb)XPmI{V*eifqM88=mj{)@y`4ML=+hT_2PyjHIjB@q`>1&HjVd0qUY~(8%J!W%uWNtb zNmE|Vubf_E1qow}=Lsg^zHGSbHl~)qy@OB!O?=(H8dE1xp@AtA;(j_WVAc1wK}C8! z(gaP(d$GgvIdM%)DH5NSX%FURWa`JtFrTwjh4iG<7!HY3wwxCD`u}zw?kZ-4e3j18$E9u;EL;-EBuZbbB-C+_aCP~@>ZO($_GVK8x=Hu z8+2y3L)~hOEAgwL7A)oREoX@eLhhZ&uLsA@)=1g@bM54!%hSFShXjO?mHaDC@Wv_S z=AFQGLZ{~ zDipwn*+w<-+iqX@Y2R^K{fcW>DE5aqKtiu2IeJIbl;CFkVdTYf`zyo)&FIJ;y%rss z`i|a3CjFS@{VeA93PH6$UjMyLa;=-Bph`TvWjr0?@>_ynJ@J-rYx$(Z2&m73?O5Z4 zeds`T>D{cF&&)S$9=bd+YI04SZO69fu(I9d>kMp8SR9$d@1>a|NX+ve|I|5w2Arbeg2 z7>BFFx$R*_3{c5AosS6Sm~`{W?W3DE+zC?@?)?5?g;@`iIx?y+&oa7}vG>msadUB8 zur#@St*?bdr#bX;Y6^(H6o~!|Sk;en#C@S5Ef5?ZJ4Wh_K^z+Qb^kd>vi0mv5!$J= z&R}94=J#)1($4_i%guHQjSn=|RdbD`H>)>CyO%MNr9d-UuI1kb-|t_MxPM(})X!UI zZtqmC`rS8Xi+KwV18X!!24T6`!{aXt=p+_p}eWD8Fw66$YV&MzEn`W)Q z*@(Jd1&{<9YrEl>?@G#c>L`np(>Kc79zO|wy0E>@T!r_R)lMoN1Hgoj0QdhFfb$qz zl6bmRt6z3sY{cYlX#WN4#B}NmMi2Qo-hMb!mid>6Ky}?Bb+lOT@mDSB4O}l;LU(`( z^5-ZR5E;7uMJb$<18Mt*S_Z6*hHDZ7hxKegC3?M`YVt|qp+qfgeDvpTOjV z7weinigN?9{82MZIi99a;Hv~2)+I$Wh$LxmrH{th(fN6g6ZSp;Qf3r)Y-D(iytAYfqMEEm#`V^ZObVR#o4(!TCjoUuS5xW^OV2J^vZ3ku*$i7=;GWgm3o} z<-i?;-oHNxGXUk?5XJGzKc>ZF*SmKrD8Yl-V&Mc8fhKfLXp)fw%x_Gy)1layx9Eu^ z3}y{nZHF^7BEfbY^0yJB^<_j({n~HrA}UfC9{*h^Ps=BeEaAiSp_K4zF#t-CMnfqz zDc@iOyMRZWoYv6oUlPTmpECa~pa?!WpEOE;x?g>wZ0miUl)CyCK%z1z`waYrd{Zt| z$lL@6EGj5_H9?Fn#G z%De%@h3^+YJ~wGE{J5{v=GyjfUlgMKd@PH164kV2Ba&kY2pjt;0Al5OLXPHE^tkDOyMF&i$z3)02Uzm> z=c1GGrswT;s>gHdVV9!pPe0Uxs--T=p1Yw%+*6}E3Vn~4So>P=S1^#}I>@#Xb@l-3 z!gT^P@-QnYRVA*vw_wX(>!B2eanxdzP;1}stM3j9WbG%uHX5|Z>F7+AgxN1QmH)K3 z|B2bal=^39q28d~SJ*N*Q=swqTqp3`!_ub5fS!V8LyGbw$)lADMLGNwk&!5yxm20i zC(`BtMmjGF3mUrv=s`ma&DbS~Bs1vplcvD z7raw&2Tz$pEYK%5whn#*>S$UWhGo=Kr&UF2h$Xzo`n`w;pdvOwe@N{B^N2Ba#LeH0Su3&zilI8$J)Fyle z*&7>=wE)ylBZ`s=u_n?Cay)=J}Qq3j}ioN z1m&;D3c^o!vu!?iwOIhOWSQn3Wv(lh#7cVqkP!0pbKxBauDJNkT2QM5Vj*C0(bOKW z!vN*dkA+6|2alkE#sSXFYMt#wr(@g0RknX#2#M=oz|K7|=?ub6VnZs7Y?g2Ps}87_ zn}$)u*?rrMW6gP1EIxlz)}B?RjDXm=vM_qR4Jb{?OF(^6U8kQ9DMAmz?0O%i zW6dW~VB=M}J6U>Es8?$F9jU6s^^8T?-8_P{nU%xPPEUNEFB#%f{eh7}Bjc>%a%9wG zotUp~(b6MLO5#X)A}^D^Dw7{THVXRQUC0`Vp_CZ8&-dVdZ29tRYgcdsxq3=f=3XfXC}y{ggt!!N`E60Ebi}*PhW=1QX_7SiP^Ae%40mBd_7e5`8{i2a80FO=fk0sIBET+F+V>d|#Bl?rne*C+ zV1d7P^JFv;03Z^(68E-Cz60;C{^Am7dj5i7#BTiB!KgPd;O%VY_M^eOM!$6RrjN#R zbxHzMQR+kAoU#(~=P|kFMpeEfl_M)qOG|jS>GE#}10@zL^tLyAc%@kM!@Xdg%*!{{ z0nsoi2-iHZiPxI;U8KeGjb8nv!nO(`Z88Yo(Rz-KAa&V$_=3On!>N^LNfKv2Zeg4xDv{QO)kIoBMEflQUs~)DOUh5TL{G0}uQZLv?u>|OH``ZD^ z7p_R_ahRguyDg}mO^)x+`*&M^p;xo-9JJVz!tNmrEJ0wr4NP;ak6zuss1MtNySo+M zt()muxPOp9;SqA*+sBl22X%yWf(G`NkEgwv&P~4(6^4J5 z%&1Po3_KpNmt;u4n81dV+mXg;#P9xC2%eRE9&oa?X~SG@{J_$sPIb@~C%P|4kj z^m~A|FoP`s;O@L=e6lHB^r>03Iuq!Hj)^~sPJC(@%zFRnkx#ak73c9F?-*cKTt>yc zo3*+4!xv%Qk5xZs9z|SjUgOdqpXYa4Jw2(^cs%f+-4s;Z{x;BRso}lTMz?}r>{R_p zBvW@dCvY^;L=Y4ggXkT?6F8kR8gu+_=QGf9Yk-W{#bJX++lwgCR4 zRMUCVVbf=PZ99KntjUqQ|5iKst&Y+jB7iDm*2tDR}1 zRqtu)e1GHtvu8VY3}#l#J_Pa79mh{o#Wj_KXmR#e@|&Aa3n>81X&0`?Uu}6?7e0)D z3BO%R30LgmO-JKeAm$y(`{HH1z<8>kf%-u8M}o zUQ0o>ms+e1&s?h`Gf07Y>xKJ8_~C0sT<`(H)CP-4Aun%wurxmyn>e&BCa9Tg9-b6B zVghBf!*jZId>jN&j#t*pBnB+sRXe8WISA8#e8Et92ju4@mNxpv5KrDAC02YD<9EOA&R1H$`tZV&#sDAO*_n2wPwK4=_3<7!>BulThD z95UA*VPO)Uv|1u8KoQl~&8$+H8;LtvaiD0rmK>4BVm$ncVJ*LwUWtv47H)!bTY~xy7#lxliOtd)#fSw{YUVKa$(c1I z3j`)5(~n;j9s&AA%J8Z#S&?e`zOmX$KmkEU$Ev@{LsfPN@`LU0@DzHBy{g2fa{Y+A zNCQWC)8NBFAm;Lw2;hn*R&ix(S-efU>h%Oq^=6tEWqSNDCc$$8GR?d9UIm|LpBUdwK78E#P8B(*}o{TF>a*R{^<)L03qPOoDiu23o5&y1YSj{qGFZHUutSRqUhPAup3oe~neo!Yix#$Mjp@=Wm!es?s*H_gY_ z2}YtbxFU?y_Vw_&^(vo@I={IA8u^90u9Ax+62H%bNuYNltu)IB7EUe zEl`@jB*RsJ&-5VEet5No->kp1u1>?wl5_V>qG%HqQv3LDKep#EG>Y3;(-qt6^o=#( z4T7)})!pXRLcC5<$hUj3WWyyf*KT=_>#X{F27cSPbD3^=6$1nVrz)?h@-@oxF$`}(!`*O;ENM?5cI&6eJdIh7>eH*#H9EK{}}Kxdb( z2^X8<%Cpy3GCwbs%#@}t!o#;X%7=(06m?_nKwpCOgY|A*YBO#Dhis!=aiGfMUqk_V z-Ryo;{q=1(&70`USKq17gqY*i*Hgkgr`2dpWiT|Q=n;-OtMRmG(zY@@q%ST6&y1^)0Cz2AC=Co5@a^PsDK{)yxx@ zU|UfF)R@QTW1^bs%l?n&G=0KfaDN{H*`~*Qr6mu~(U-e7JZ21nswitVY8=(s+tQrS z&tJ5q4MgtrM0lRSyd=;xx9MLed2sFk=}!xnL3KjU9Z9}Lfy7xO^buT8&p$cu>W zf6s?UD8i6d9>xI+^SurkRSH*vpqQ(_9Jn0Qt#0Pb6KGOD`t3P5>+Vevca*hkrue3f zAj3d2QQ&o7`a-%Myyt8%QZv*)+#j7LQ9>ca{ghSNX(%jbDYxp-HexI^0+mo)`Ic!W zFiVKwM+|NpCRjcbn#RY~!61ZCLW$KfRsICT1>%X7QT!XYxVai z>~4rP`P3MQ<3heE}jYc>7~Vr#-L^Z^&y>`s_0^*X^C*b-Xv(+KwzI-Xj zTz$jHW`kQlw&G19M*gK|%rjZrIeTFFdMVY`uJq_eit&W`*m~jJ5EsS<{JJ2u(Je7T zK$7h2t?t5kp32)F++Igk=Ua^u7vo(6#1x6X=`)5k?wc`JNDbF*TVl(6dbwM6u(mW# z6ouU|%NjOOW8=eH23iuM_4BPQNqqx$G=Zu&y&UB&gAcoBO24iFSM{`E4rBN0B{#XO zpUQ33zDjm2$+i)q7chq7wEWm49jfyHRO*jyDkOo!7B>I@XG-jLdTONt$KvB_bOBd% z(W?RJ0rj@6IX47Jh_kl6x%1Q~bdxi)>(&!}wflvUv{uu}3WBxc-I)P;4n2a0FKzSU zEG47Ayz-bgPy1+0K(uN1RU{L?6@EH2eHgoY(T&4P`cCW}7mFmWphR=*R8tY1*DMS7 zwpF$h8+JG50g}Y~U6SG@1d7j0SB>BeZ7G1BQ>AT{)zSQ!VYJlXHE17dWxIE3vC<(H zO`pB~*O_(}BD}9mW^XzvyZQN& zTzFkqP{LEUD=YcS%Divf@-i?#4)qF(zc*kPKWD+yi>k`r+G3RZb^GHoQB8br_G*}; zAaAG%JC_8STE`lkW7JnYike&Nmt7U@uh&x6xL5=UTp)n7lP(nXk(Zz-_emz z^{_s3i%62Mfh6W1XnERsjz5`>KLDsxQQDr=W?DEIW#bTndB>1>SO<1uKt%N)YAk_` z${N-rYsx5nPu`kv&!*R8)ZF*TM21X_g0VepK@2>o`^co+UWaeSdoXsO^a}w0zQW<{Wu-a^Q zq1ILKi(xl8G7-;O!tc``)x<8}nm9w(Sw@&SVNYn=V8s)ocY;kGQ=zY?>8YE-DOhItHnR~d55Atm+^fmFG<>;Gn{&m!b{-z-cmDsuQ5^@cgJ2#$>iY>;S@-X!UB1!Vo zzTWlA*B7SaKNlU2I%Mwzb62vxPZAwQ9kv1l28YwCPQ<;N zrxF+%9TVOo=O+1_yMLLwd8Sjn|Db}93r=}YCkz6p88W0M8y#l7__2noKzMZOd+ois z@;W~t1O&32IWM*}I$Ic`7*OAnIBZEo1>1e_Sn{-6BUC z*?vpy_-@mBWo${4Hqw(f!ayMbLcRI&+#KzVvilO$%AquB&1%#htPrBLsBECQP{%51 zM~=H)=l0$GW!D88p%ogsKU%s}Kadk$^@eo%LqC>2X)8nGZ*?(F$dwEcdzxg96eYgn`RO0yVA$tBH zMd^|G7u%t;3(4G%2>d-k=mAd=W4)IFaLgC9J+B!L?>aC)ez37yP`0q zmZU|*Y<{-TF35F9gsh@W3$h_(dQiBMKTY#gZS$t?#4u_JqZ|)>wpCv+&@8>dm`xrU6u}uIc)= zlZWAWzokx5VPUV><+SF?Yxn+2U2zz!hu;_ntJD^&TBI-)6SUDD(8jh!p&xmAp3F-! z)*_iUT}6TN9kY^@;LHZ~5U4{bl3bpAicf7opfvG+aO05x$&`GhDeQ`ZRuoO(G(1m= zdsYCB_c{vZr$;p22N8g#Z9Axwpdz-Nk=19?_7PV|e>y(AN=&`ddDqk*ATB8qJ6+4v zE@vaf)gOc-&Nwenyu8I)aAiwj?0uPhJUR5Z`Klk=?^mk``+TjQ=Q_@D#un={@<2H4 z9i9F>C?1u{6MCH=_w}W_`&TYc_-fp_AAHfSXw{n*?S2(Uq!W=Jg9R5qgFc9GEupGT zYe-w1%H0XMGYU8H{l!wv*jWpuw44P#*K_FIZ-O`OHC#W>Kx=7yCiiF82E`RT9PcM$ zTkkULeV9EiKq&tjLWuSC zgGr5n9!FX^W*Sig=Vdqext^F6C+1LmuSw}jn!cnL{jISJE z3tz5KKQ`~}7>MS6f|=l4yt0))toJVyJGqs(hGQ0woqyiK;k*lUR5EKd!2vp4Su9!> zI5T662-l1*9IE-;X6AQ4?P3h{jg5*QU^)BmZR_}CT1V3)Qw~U#;D6<+Nk{nw+jufe z-4fE5_~7y3WJT$d%hL01e|3cOaHL)}pT$cDv0lVjXe?L8!$wDca%y$~K)TB-A^=rq z+5bL7y`CD=!~|K^6KgxXt=md_aS+TYmCq3sZs1rA%|3gl4As@YWo0=aY}W)8yNC(b z59MfE8!*odLO(*|N(Bpi*>4496YDTMcu4Z`JUM&qyT-q7^-(5XvY$BZ#L=;S7h(+! zUd!*SR$e)<+vd^UxtmG9{Plo`ZDoFxi6XvmmSVs{QJ;6EkXXb>lL}wp8ZWGS3fbeE zeY|QecKQQTkLa}|(|4;MQBNaH$3U%FzX=2SE%3Ri3s?kwZU$ng;A-DQxo%jEPy1uo z{6f5Hyr^`Rhl$d$Dmn1eBYy<<#QFCV-m&34Rujrez>~6HY&&o2itN4W{@ivQ{$!on zesj9{07ChLYT7pxEz<#zImJajtmS(X6HLs{ zOnGBa6ita=2;UlsRiQq`&k-R|VK~}&Ej0QglQKs1x}q zKZ6>{;wOC2LbXy4?sy=iQqfgVhfm|~Q1=yd%nlHfx_DKGS0tZTZ*#c5StY(_@6RmQ zLH+P@Z&G~1<@bl;M7xgy=;$D+)1aIE7m|$a3=*x8RDlUz$+CpxWnBm5zZQH?w_QAz zlt)&9a>6iJ>fuwnd5cDX-YxZ=u?jGrE>YWFLSRlgyRwwxB+ zCaj^_Pru)-Y|+qCed9f0JsU%4j`oL|v&Ve}Tl;-+*mr^QT%@=qyztq+r;+*O;nE$vge-GsB_xi?x>P@?2V^8Vk+{V}^@#In^V{bjH z*JS(8oGaTanLS$c`585^hg2Rf zdowz|dm9krO*c`!?6l|zCuYZ3^X+NIxQ(L`Tv>eYpXrbmd8{a~U%%*N@bXuLHs9Ju zAm`(yfS}~2*UL3;t#Nig^Yp3iarE-t^By+`^=3Wc^t1NW&VsWRr~ki=$sQl|%% zql({x?HL7r5ousYNQ)cK z7lnq~A$M9B0L3Wz83B*4+rqeEt(@M8Ijk9UzTF`e0U+~P;ry~BH$rXwUnei&r(yb{ zbjqnOoTEs5bPGc$9)Igz5A1d=duSFm<`A@d-CaC;yzYvVXsqZ{aXIn1@v6RhqEo-K z+uO8dc%l59qawcIbv<(%-OuFE4|>!gMF2M=j@R!Eo3(yMU6uXQVhbQcCh~`1%co%m z^m0om6XO}r6UWj7`|FeWDI#jRgY(Xm0<9T3Ip;-7+YSd!j$fMd_m7UeYFkotttEXE z!!T#tTiGwYsCxa!s(>XX2v;0V8`VRT|1$uTg{L1(e+&=OP5bKAC{w*AjfhVhDe^)H z2m2;Gl!DRk5NgZWs-SZX+E~Ri?~~;juKjrEE5JDo#s<@!hleDD4`7*6RLhd6F=jw) zgRRx6+bp|ukY%9pc1V9Xr3f*lwoQ;gn4nS{CV%?`$QTB}+Lsq-r1mU^U$F3X`Zg3& zS7G>FzGP2>1GtZ_lQNsnHKvk5AX-TVlV({4+)8{2Nt`9@yn;jvzAzg1?;?MA!Wa{i z*_@KMID$&bo2nPt8XXo1)~-%jzWj*`DQ{c(6f1HVZc*%e?~cr3fg$&1^1IvDGR}7? z&yPR;sf^dfY=0z-6VqsDOOT8)(lLJDxS2g%Gxn0_r9S_}QSuTd5;l$aR~LblIB!WR z5x0+;MJksxo2S$RZR+{5L;AdKMkv(LY&k5nmh!e`YN}fwuF~uDoiK_FZDUtXR}Fp@ zE*3utalI6u2COsLvd5J-XG3N6e|h1woO7}^DSSO@oL#vWu0_u?Df{^@Er#ZNDqF2! zUqjJ*;zPbm^?@)^cH%Me!(olyNpL0o5Mw)s4mAAmT+gNBYDMJW)<#V2mr+G`=ir_Ikdv6<2NYJtE|uCw_|jxP_s^U1HPZkHw-;t?$+PeBuBlB-S95q%X8t_A-SKZRlI zh@Wpu_NEflPy{@TAVwAHGgu)AJJny>*+OnKc;EkcMPkV43*y~*h*m0Ht(L6fHGVNj zQmCN!@dqbXeyQHUh(IMzw24anpv+68+zp!!*)6-}-<)d7B8qFx&MZx%j@E2Ll~)eS zO;)bgUIw$pn^NUnfk#V%gv`xVn=DQ5H(3~2ID~Ip#yJIOSo}qp){WY^jA|MTJoB!c zHol!K2@a?qI=5ve*p`mM>^~`_x3Iq+=s&6ASH{0d@jI(wHcJWTcq3_c)>Z2_Q!aX% znDy~}nBNTtSHb5U9W*6rRfkTZhIY!i0r_+`LSkM4;@D?}Hs^^{iPd_>8~W@_{zI#@ z&Bm(QAzxC7MMP5ovn)tU)x7#G%Ex`68^`tIJ2QX5*KEz)2nd$}X|>5}fD z8G1%VL6AneVSquTl$3@620=o}p<5VGxXab#mq9IxHwJy(kEVfSI+ z7RS12{v^8g{x&R^wKviELPK&O)0pBr9&nXC5Gmf@kDiZ(;If{68NrqMN#m<1`6u@2 z%wd-uZ8h`rxQvlM)S7=bu-3s=T%LDi=Dr3b#!~!ww)FMOckh};F74}|u4=_#=ZA9> zfE4fQj{nkWuPc#iR{rt_YT5pmXG=3IJ>AlAwe)eh#9ewtWc0R9;C;cQDx$zpq~mNe zZvzA6y;Xo+;Qd@9?gSNRUR>}{Tz*=%Ucj-GAegqWUZaY3kCo;R%6Dszt8puVVsFAC zTr$b(?Jq91fF<=1fJ8Yan`y4`%yc+o=}N@^^67P(2#vXyTd~y0Y4o^cSz|9};G=hY zHlKiFLiw#frZc6h`b7=N)0PIJftx_(ysJ(?H1*blmo1B0cLp8y6FL5D1MW>e}RzM55y#`@~55kG6DcKwjht4*YiP!t1r>3l>e8Pc@kY z-{6flZOyyzpXW+G$#Qn7au=jmzoRy#R?bV^<2JEytGZnbfBA0$;`%*f#zh(N#aAc4 zA!H3m;;Rpr{;K}7-;hj{l|pAvUJ5r28~x=y@D{7f<%m zgZ?uO-20sY7GEB_{vjob_}YqU`n^#C-a$edQa6X;6g!swX`H|1iP73xozLCux}F~f zF2yYMPG}siZJd`?)@+XYL@t$Mv|gm;dp8(f@NJ%t9cr#H5s#U6O*h_66YXP@A`xzH zQKgerbto(O6ObQNQQONWyZdxLV82?*`Rqp4#}UWT*zIaB2#=7GL+l4y^$}uj2KPrM zE+2m=VqrI&I$XYL2)BdtN0}TqX@^CWEAfLzdSDK6^PHQD%+%Tbchx7|&3@mo9IL)E zo{oTNyyMFC%O&V3JZ zTXZ5du~C>VMA4{fnK_J_Sz1Rg056X^@vDQy`ftg<70))%j7Zk1S%m7H}qVD7^QF`lyAr&eIAOb750WC+;5F@);;p zS#2%99O(!a0ACC~PkVXHQe-e9Ac8@#Lk`-L@WX!4STJ^DjymB%yPC*MzYei|=Qx)``EQ7&oKXOka+p@`ls0Em^c(MI2r%Dtj;ZDD}3qJ@| z2%c61jH)8Q01 z<*#$zaZqwP2Ss&oyCEERNeFskld`(h^gz-b9=am5??0a?{Dy7Q+3i z9e8y~Br0R!;jdv)vH&6mAwT&=?3MoGYss(O@T zHjXZ8GNH)}@M3Adt>cumr;27ajV$83A`Jijm%4aHd_PS(W2M97(k=iXEiapLLE9@| z=3EDVmv!RGY}adaR{w#@PB3DW&n0PdM5W$4W{1AWK*dx7gHFC0Bp9fg>nQVDwP(ufL(BJi1AwAV<|CTfeT|`Bg5zw{3?e&k3nF( zvAsYq{^|@nPm~V5NM)Vtl--?%YCLPfAoX8=(HLGOU?m~y3BY6BB7bFL>3e;SMhvRn zs4dB+qGQPIpe`1_uNzX>P2Jw|5_-|0ZsE@6&!bST4YxUE9&pzR3;3!@S2k@$D))FN^*l;l zHH9UBQCCbk(N9{U`H)pI4t`hBY+mIj9o@!SZJzNS2DA85eOQ#{lp?7`_lPh+@-!Wf z$UZbc^1I`TTX^J`cyS7=@I*It55Oxzfg&w2m1L@Kq~!Irgy(ql09^>3^V?CGqptJu!3>fS7cEMfmTFVZMghqFS? z!ZrZbFPpzS7~tMqAjTn`uYbh8yZIxh56ciImr1z0^E_8iz~DN7vk-QN9-*3|HDGV-8R7g-=wX_uL-j_I&{i6DKBlF1%NCBy7 z7bmWEcIZm6Po<(6WZ~&3vQ(KO`lG;JTFZ)YcR||07piD+(A&5oGSSAJJ+0LRLidNb zt}h$mA3m@4eVzadhuL2o6Ol*slOKorUZ*@28rh%zzQ1{~^A&Aj^X}!K(HE36C)Oq* z&b;#TJb3xdmL^(msM$Hydsj%v{Cky`ayw!CQ;U-oQ{P zhr3OY?Qu12S9`$7-5Z>83*j1Ad7cqRBIWZDQSH0l>f=?P`61UdWexWe=xCYv67(BQ z-aOW58sUOaVtO?a$*?b>HG6!I1cZxrvu|7Kfc`}2R)A3$HaC4A%U2S58%*IBbJt>W zpO}m6$>wnqiPHKsoQ#uP28mAaiMr<%V($i2V)aL5g!?0=*L;6fERugwl6(6L!~9O3 z?G<*}I0TSpd^EfGN`4@}$xd7SWW)%3dg7ezcQR-xS4ZkvR__4$4Z$ji?BAIK@T07g zz5FH7X$LC=^G%nK--|gal}~Df?)W&}2C|LoQA14=A~u~fqn$JbF%@KXUC;_G)0IVo zYCigck9NZ!J=*JR(9; zRV1&3vakm<*2v1rs?NRm#htqT-07PtQS-Q);uM28iXwb zC_Y`2NY(doA>yRWQeun&mwS30`>R;y0hnFK)hpVy9siSWuK-dg9;wtgmL!At)m{fp z*V(J=c8BrlZ`htrz;-;Wq@uY2Hr_pgosS{U9baKVt~+6QsojtVx?h;kHG?jjjSs(3T#n9FMcy(ew`yF~2d25?*Jsq$Cv3gMHuXpi0nQ zBhoT8Gro4OfqjnfAMfoSA96Hufv~VRHkNv6OS25$EnJow?H?3tfQik6XHrqV&|>I{ z+jA$O3QAaC%Gt9+H(iwpsuc*?8OCqi)tD$4z4jCfO;VLXq!q$+&lH5-+9b1K&L?y!EyR1I)=vaD3UJ}~JAj-)0 zVo{nuaKQUD>ZH@i!ZF)JlwWt!JJzRWDfj#ls|FSk{f3Gbq>=d=7e>q;!c?XJF1$G*6pS z^84BObFb<+ik0E0$e@LVK%T{{&o8Q=i6gb(09vAC=r6QVOW`=w!v|msej)wf}c=L z6~!JW#`Z_8kM0(9jI82iuGkYbOWdmFn{~o#r0Jr z{SA#+B{f@0urWi*pzMVR;A-m;+hBb7Z4tS7yGl|HT&QFLce5l>`;8t}E4B1c?{7l;rdP1zQ3mtc%M~Q?yrG}ak#j8xdh+EcDf8Tk7e9o9EdYzG$h~z6I-_lM;k%`A`3JhR06~%lLN0c?%r>#B&O;EKZ-Gc#W1zTMK0f)`5`@w z9Fq>lrtlXFLHbWhbwgSArcTSBYN$(r)onsg(DmG6?%J61-0z+ zH+~d2&RogI)3=m@$xY5{3|Ium!bz(ZhYGJ<7H#YP8wV+owd#Axa_S_HHc&fO2U`oEY<9Kl;Ra0BaVtS;@R9_VW#CVOQqUM z=cO|6qwm0P9^S?CI$N2|IVSWuse)FsSKp89rv)r+p*{s0&A?4A{5#OT#2|BZIO-)w zd?DKmG|Raa30#2K65OU?)z76qg-Ww@SK37intDQ)-DnB(XnRqv9c&EbY}+Uef#?h6 z*JjmPgJA~H3MGD|jz+TK8Q|E`am8)w-~W0YU^tpSEbCd#4v_gXi;=F(pqGztVgHqV z{M8^*IJ~aX3SdkQ(C(}Qj}U!QKYM)<3br0DmPmC>?!+iJEezR6}5Lnr|zc(q@xJ(UuK0Tse;QIl7f3&mKAGxFOa$AI1 zV#CGGaj}HVkC*!jA2}v^i~deQd7$&-^{PaZ76X-ROqW?z)I#23K0J0c|G$#ucaEs< zfV*=VUt;|m$|lJczJE+UV^H@U9L#Ng8sM7~Kkl0WaYv5Xmq2SEEiGF#iK52tv!ORA zF&{QP`JYvcw79XZfUENSQj#_)kV9z}fiP!CC9DpaMg&5Q|F#slktQI_KK9QGWPtlq zZ%;YC1}Z6}fEA^_mI2B$mkRUL9dH$V0pd;C>H%z9*`Ee2O?xfI9@x*h%N4(Ny2l00 z27=lKFg}ea)CP#J%|X%j{a}TPC#k@b3!Wp62p_g1hPpy4`!a%Go2=ZMk4Ol*_cI&1 z#Ps%W=W8>g1s3aDlxx2Wwp+dR(Y4~6==s5IdD?xwwETA}lDuTHhjMdfzI&W)lp6e0 zX4GbnE*e({PBx(dL#zriq&ra4f*bFn6qxu$$u?t^jpv>v4^;%(Psi!aGmZjuk%a@| z!Yq3%PV|arFG;lm%}0EpQ^2O64iP|AUl;S1j8MjoQE7XqkFRfvmOn2-kLyl^vMh1K z)u&gS*r$?>VL+K!+Vb6UO6kV`B#{3-MErLq7Q_X+J`5gon5BZeZAM(cib)k><+lV{E>T4`e@)s?-zCIKa1$%KzI{AIhL!%4Y>`{-n#^6K0M?t5kbsRB zHjL|s%hgEK3VV!=Dnm;|^UIwcmp^Bc{>3DdjLMB0;=do!U{IR4!DC+%ShJp6rU6g+ zX>`m(H8F+J7DXE{`Cx(S7>m!}==jGH{=Xl^Y~NpRm8;4KIiq;76$sA3Z3@EHI1o#k zes#ABvi!dOg(7;jnTyS852}g%IZho=py#c=t|v+e}6zAG%?2V3|4}Ll!p#86-P&(|$}SI%g=aN%8bbuf3KU_HEbq16 zy67vbbt|oxCA}~3b8!XL!nucFBwP9{`LG`2lL*ylP2pL#6^Mg-F>;xZ(yr! z;kKKk<(ug~GA+2oh0ygInVuY>AWMX6ks!zNv)wlk?D-imYbhASAC=FdJKdR>)ttjn zU?ng6_LQAxR6-QDeaafRZU3JD{nvpF@!A8N{TGHG@eSU&>EKMvJgni9bvTORWD?99 zJ*}Zok7Z}_c8}7A=s_7S#GXk|-Kn|%L)m-du&6&!QwNB(hnsQlwa}>CVA>2PK9-|l zQ0BZzQ)Tlr3;K zZ`X;USs4Bqi$VAll}ouB$+;@=FCOQ76aRa!`+v`=4?v(7yxWw6N&zmpGU~jj+T)-2 zP4Got76ug$SoHbuv{-Q}wg3;BNI`1!;QL1OD#82^(UKSR91{G|gk>lpweA=2K zV|uG&ONsv)VJs++u#-*y{42(H=`}8jkaOZc3_awI*B(pd=1k&n_7t0AY|%(3k*AlT z2l$XZho>m{$9&!^a@9O*7qWPtN$>o=Xa@hY_FEo06KIb6sm_EFgB5nTGv1#f7nNVC z0(D$9h_@=7CSj40@;w|@nFkVew4L_T-|jY9?^cMa`-C(K2RjJd|L*ypC~?_1M)f$L zoU#*=|7k)*?%|yB_j;IKM?V{@kbqmPDU$1{M0BJ?EtvUWoqZw2S{d%7YfB7zxFZrK zDu)s7A9WH3js+7kV>XPmnLgJ*^W2k*CIv;fU=Lt^qxZHlP(K{{7=)T%eag3W=P>g>|Gx_0?O-!|7<5 zGo94z@z1G4+S#?$64P8PC9YJ)X<{20R#<3qG5{MK^=H!9+$rUwdF$s<_7@d~eG zRCNQt1=m3p!eFyxY0>*1DO7?IM?*2n*8rQi=neZ1N%f&VUVEr1bBs49v-Z-bIYhRX zxZ5jdSva=1v_N0VRiUZi!Sf89CxRP2>Y7J)Ul61YAknf+@gK}7VWV#JbhDiXTm1U| zH&-WAt9oS>IZ2-XSiXR#7r0yXQ7ycv;T--gv+dir{}Y$MzmtoMuWtO%p_q|2ZhBop zeFMn%fycQGyO0f3(_GSvuB00im-hF2lgSMnpRDG{jpXkQZK~UiI=o)LXA}QL`x=$| z+~VzI@xbYZ$}Fcna896FHT;)nP$QI+m?}vMJF@xr`TobZ4~*pGg`6`Q`M}gKUcd^m(?L!+vCho^LP7q`oh~I@ua#%KlEf>a~l>+A?FDq z%y6tqu$wH@(L-qu)-u8LU&l)q(5F6Sh}nql5xq_0^ncpMKEVkiZYW!nxUV(x&tcFq zX0!wrVxgPq6~)a`%bnkr+EA+!j#0kiEIUhc0NXy|>Wg9=ufQ4Y#>7)r9dkb4WJqF$ zU~_ZJJ$8(=Sr*xp7E`@13;%11<-%D(?@?{|yWjsqG7!V%zTx!O^d?u|MCoQv{nV0x z)#QATu)SDPh@3gLDe*rxi?_@H7-qT2 zc`{L444W)|z*@u4dBGHgpX}#Sh>opL%X6b@+Zbi|tbNTx*Je4XD$+dl-^oWLA`qjj zp{zb(t?K#a?~4C_j|fh&w|uD^Q~AN|ennc55iI%^<{!pY+V09i3r}mJZNFqcHp|zv zxE|x(3piA&!hf^`BS?<(znAClPAFL-G>2lA#U!C130f!ZVVe+>6@3i6xKTrq)h zZg_w$LnhVMvfX00@+Ccd17!%2z+(MjV@8qXntHf;VRvJyv_?K_d*4%S+1OX&f^1Nh zB$4?Qk5&*fd9))(AS@7pcMpJc)7|{*?KHfts4#2lZaC0NDp}feJT*UibM0ButoBUM zq3?rNz^}!29zb7!G}ZjIn#E|qQld(0^`HzS75*d_$XbGbt+4CWAS(%y9>YC++b*zI*-@=8u{4xSB)@Yk(EpA6_=vx_ z#L8xf=IC>qQT_&-ymMidkYTdH%dUi2z9-G&@BG-5=YXsJy+P>uE~NQn+@L>eL6Kr#~6qRq;a4D2H+&6Ay zvzReflq*h>`&fx@l>J^WC)Y}J&A`~%1Eo^vm7I`}+~D=iAixODNv|*JV&~KaUtWtk zr#J-!N0|TWwCn<1H{nV&79v}X2Lm=8RK_tlae$i6<2DlEkU`lSsa=G~W@&X8z}=IP z0&ZbJrQ*=sSkb!|+jUl@2a9K`*<`7f-p;^H>#4kkhQ_2@7gO7y|8aF=ivby5b zCt?9uL`Vqieas@~IZ&PwUVBi= z=fhdz4t4-WO-4X|jQSP;BUQ^4&2P%SACHpn z`*VLwFay!zN$=i`K7X3hA2h(K5EfEBAi?X827cgY0&pPPa0nR5ca8vUh#0$TQTEu1 zhK*t|`~xYVD&3axW`NFa)^pa6;!PHN7Hd|jp|Qo2@C%Z zWh8{(91tIILG!r!`Cn!oe5*P738_1`SbaGLbf41LA=3J05#6TOr(LpP6IKDz^50w1 zj%P>X+Cy6+FViD3eD}KzWq0B-!n@x7OPaS9QkFBP$v@>^4^(PQ?P2>;+Eiwz0g*WU zI$V%xnES=b?hAl^)Q~Z_m%&orMI_-V+|l_h!IR*Qjvd&bN*Y0=Ma9cx1~ZLL*=WGF zwrP*z;#+#f@Ia&^(VRU-fOJmWtC@GJp&ir^Z~zg4KLAZg*NKc@0o(Zl`|sdIX#jW55fDg8uxK3HSmt>L-Bo7XdpT%#(8lXVls!U_QjJl}Rt7vsb2;>497nm)wrs*VZ1Tp<(p7*XRgG)Kir zc!}^nJV=C~qtJ3cw@iy6k;1T>!cv0f=SX5Lx-3*=Gn1N3x&(tkfGyS*Oab_gt6;%w zMr!R-a4R6VL@9eRML2Ph%xXfcpIXeay)0<;qjKpl@m%iXPhZ_k|*T zW`HJacJaR@KEBT7w7F$!p~!dOuXFF`*K*@Yp*rKdu`>6;+K$&!_Y+